Paper 2023/884

Near Collision Attack Against Grain v1

Subhadeep Banik, Università della Svizzera Italiana
Daniel Collins, École Polytechnique Fédérale de Lausanne
Willi Meier, FHNW

A near collision attack against the Grain v1 stream cipher was proposed by Zhang et al. at Eurocrypt 18. The attack uses the fact that two internal states of the stream cipher with very low Hamming distance between them produce similar keystream sequences, which can be identified by simple statistical tests. Once found, such internal states simplify the task of cryptanalysis for the attacker. However, this attack has recently come under heavy criticism from Derbez et al. at ToSC 2020:4, who claim that some of the assumptions made in the above paper were not correct. As a result, they concluded that the attack presented by Zhang et al., when implemented, would take more time than required for a brute force search. In this paper, we take another look at the near collision attack against the Grain v1 stream cipher. We avoid the techniques of the above Eurocrypt paper that have come under criticism, and independently show that a near collision attack can still be applied to Grain v1.

Attacks and cryptanalysis
Publication info
Published elsewhere. ACNS 2023
grain v1, near collision attack, cryptanalysis, grain 128, grain 128a, stream cipher
Contact author(s)
subhadeep banik @ usi ch
daniel collins @ epfl ch
willimeier48 @ gmail com
2023-06-12: approved
2023-06-08: received
Creative Commons Attribution


      author = {Subhadeep Banik and Daniel Collins and Willi Meier},
      title = {Near Collision Attack Against Grain v1},
      howpublished = {Cryptology ePrint Archive, Paper 2023/884},
      year = {2023},
      doi = {10.1007/978-3-031-33488-7_7},
      note = {\url{}},
      url = {}