Grain-128AEADv2: Strengthening the Initialization Against Key Reconstruction

  • Conference paper
Cryptology and Network Security (CANS 2021)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 13099)

Abstract

Properties of the Grain-128AEAD key re-introduction, as part of the cipher initialization, are analyzed and discussed. We consider and analyze several possible alternatives for key re-introduction and identify weaknesses, or potential weaknesses, in them. Our results show that it seems favorable to separate the state initialization, the key re-introduction, and the A/R register initialization into three separate phases. Based on this, we propose a new cipher initialization and update the cipher version to Grain-128AEADv2. It can be noted that previously reported and published analysis of the cipher remains valid also for this new version.

Acknowledgements

This research was funded in part by the Swedish Foundation for Strategic Research, grant RIT17-0032 and in part by the ELLIIT project.

Author information

Corresponding author

Correspondence to Martin Hell.

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Cite this paper

Hell, M., Johansson, T., Maximov, A., Meier, W., Yoshida, H. (2021). Grain-128AEADv2: Strengthening the Initialization Against Key Reconstruction. In: Conti, M., Stevens, M., Krenn, S. (eds) Cryptology and Network Security. CANS 2021. Lecture Notes in Computer Science, vol 13099. Springer, Cham. https://doi.org/10.1007/978-3-030-92548-2_2

  • DOI: https://doi.org/10.1007/978-3-030-92548-2_2

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-92547-5

  • Online ISBN: 978-3-030-92548-2

  • eBook Packages: Computer Science, Computer Science (R0)
