Skip to main content

Lund University Publications

LUND UNIVERSITY LIBRARIES

Cryptanalysis of grain

Berbain, Come ; Gilbert, Henri and Maximov, Alexander LU (2006) 13th International Workshop, FSE 2006 4047. p.15-29
Abstract
Grain [11] is a lightweight stream cipher proposed by M. Hell, T. Johansson, and W. Meier to the eSTREAM call for stream cipher proposals of the European project ECRYPT [5]. Its 160-bit internal state is divided into a LFSR and an NFSR,of length 80 bits each. A filtering boolean function is used to derive each keystream bit from the internal state. By combining linear approximations of the feedback function of the NFSR and of the filtering function, it is possible to derive linear approximation equations involving the keystream and the LFSR initial state. We present a key recovery attack against Grain which requires 2 43 computations and 2 38 keystream bits to determine the 80-bit key.
Please use this url to cite or link to this publication:
author
; and
organization
publishing date
type
Chapter in Book/Report/Conference proceeding
publication status
published
subject
keywords
correlation attack, Walsh transform, stream cipher
host publication
Lecture Notes in Computer Science (Fast Software Encryption,. Revised selected papers)
volume
4047
pages
15 - 29
publisher
Springer
conference name
13th International Workshop, FSE 2006
conference location
Graz, Austria
conference dates
2006-03-15 - 2006-03-17
external identifiers
  • wos:000239471600002
  • scopus:33746740431
ISSN
0302-9743
1611-3349
ISBN
978-3-540-36597-6
DOI
10.1007/11799313
language
English
LU publication?
yes
id
595df402-bc7b-4b2e-a7ae-3a261ca75b23 (old id 395212)
date added to LUP
2016-04-01 12:33:16
date last changed
2021-10-06 04:02:18
@inproceedings{595df402-bc7b-4b2e-a7ae-3a261ca75b23,
  abstract     = {Grain [11] is a lightweight stream cipher proposed by M. Hell, T. Johansson, and W. Meier to the eSTREAM call for stream cipher proposals of the European project ECRYPT [5]. Its 160-bit internal state is divided into a LFSR and an NFSR,of length 80 bits each. A filtering boolean function is used to derive each keystream bit from the internal state. By combining linear approximations of the feedback function of the NFSR and of the filtering function, it is possible to derive linear approximation equations involving the keystream and the LFSR initial state. We present a key recovery attack against Grain which requires 2 43 computations and 2 38 keystream bits to determine the 80-bit key.},
  author       = {Berbain, Come and Gilbert, Henri and Maximov, Alexander},
  booktitle    = {Lecture Notes in Computer Science (Fast Software Encryption,. Revised selected papers)},
  isbn         = {978-3-540-36597-6},
  issn         = {0302-9743},
  language     = {eng},
  pages        = {15--29},
  publisher    = {Springer},
  title        = {Cryptanalysis of grain},
  url          = {http://dx.doi.org/10.1007/11799313},
  doi          = {10.1007/11799313},
  volume       = {4047},
  year         = {2006},
}