Cryptanalysis of grain
(2006) 13th International Workshop, FSE 2006 4047. p.15-29- Abstract
- Grain [11] is a lightweight stream cipher proposed by M. Hell, T. Johansson, and W. Meier to the eSTREAM call for stream cipher proposals of the European project ECRYPT [5]. Its 160-bit internal state is divided into a LFSR and an NFSR,of length 80 bits each. A filtering boolean function is used to derive each keystream bit from the internal state. By combining linear approximations of the feedback function of the NFSR and of the filtering function, it is possible to derive linear approximation equations involving the keystream and the LFSR initial state. We present a key recovery attack against Grain which requires 2 43 computations and 2 38 keystream bits to determine the 80-bit key.
Please use this url to cite or link to this publication:
https://lup.lub.lu.se/record/395212
- author
- Berbain, Come ; Gilbert, Henri and Maximov, Alexander LU
- organization
- publishing date
- 2006
- type
- Chapter in Book/Report/Conference proceeding
- publication status
- published
- subject
- keywords
- correlation attack, Walsh transform, stream cipher
- host publication
- Lecture Notes in Computer Science (Fast Software Encryption,. Revised selected papers)
- volume
- 4047
- pages
- 15 - 29
- publisher
- Springer
- conference name
- 13th International Workshop, FSE 2006
- conference location
- Graz, Austria
- conference dates
- 2006-03-15 - 2006-03-17
- external identifiers
-
- wos:000239471600002
- scopus:33746740431
- ISSN
- 1611-3349
- 0302-9743
- ISBN
- 978-3-540-36597-6
- DOI
- 10.1007/11799313
- language
- English
- LU publication?
- yes
- id
- 595df402-bc7b-4b2e-a7ae-3a261ca75b23 (old id 395212)
- date added to LUP
- 2016-04-01 12:33:16
- date last changed
- 2024-09-25 10:47:20
@inproceedings{595df402-bc7b-4b2e-a7ae-3a261ca75b23, abstract = {{Grain [11] is a lightweight stream cipher proposed by M. Hell, T. Johansson, and W. Meier to the eSTREAM call for stream cipher proposals of the European project ECRYPT [5]. Its 160-bit internal state is divided into a LFSR and an NFSR,of length 80 bits each. A filtering boolean function is used to derive each keystream bit from the internal state. By combining linear approximations of the feedback function of the NFSR and of the filtering function, it is possible to derive linear approximation equations involving the keystream and the LFSR initial state. We present a key recovery attack against Grain which requires 2 43 computations and 2 38 keystream bits to determine the 80-bit key.}}, author = {{Berbain, Come and Gilbert, Henri and Maximov, Alexander}}, booktitle = {{Lecture Notes in Computer Science (Fast Software Encryption,. Revised selected papers)}}, isbn = {{978-3-540-36597-6}}, issn = {{1611-3349}}, keywords = {{correlation attack; Walsh transform; stream cipher}}, language = {{eng}}, pages = {{15--29}}, publisher = {{Springer}}, title = {{Cryptanalysis of grain}}, url = {{http://dx.doi.org/10.1007/11799313}}, doi = {{10.1007/11799313}}, volume = {{4047}}, year = {{2006}}, }