Abstract
In this paper, we analyze the Espresso cipher from a related key chosen IV perspective. More precisely, we explain how one can obtain Key-IV pairs such that Espresso’s keystreams either have certain identical bits or are shifted versions of each other. For the first case, we show how to obtain such pairs after \(2^{32}\) iterations, while for the second case, we present an algorithm that produces such pairs in \(2^{28}\) iterations. Moreover, we show that by making a minor change in the padding used during the initialization phase, it can lead to a more secure version of the cipher. Specifically, changing the padding increases the complexity of our second attack from \(2^{28}\) to \(2^{34}\). Finally, we show how related IVs can accelerate brute force attacks, resulting in a faster key recovery. Although our work does not have any immediate implications for breaking the Espresso cipher, these observations are relevant in the related-key chosen IV scenario.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
both using only two related IV’s
- 2.
during one clock
- 3.
implicitly PKSA and PKSA\(^{-1}\)
- 4.
255, 251, 247, 243, 239, 235, 231
- 5.
due to the key bits involved in their computation
- 6.
an average of \(\tau \) IV’s are generated
- 7.
e.g. \(\alpha = 100\) since \(\sigma = 4\) or 8
- 8.
An attacker starts by brute-forcing parts of a cryptographic key and then uses various methods to determine the remaining unknown portions, often relying on prior knowledge or observations about the encryption process.
- 9.
and hence, unknown to an attacker
- 10.
See the full version of the paper [12] for an analysis of our proposed version.
References
NIST SP 800–22: Download Documentation and Software (2014). https://csrc.nist.gov/Projects/Random-Bit-Generation/Documentation-and-Software
NIST SP 800-90B: Entropy Assessment (2018). https://github.com/usnistgov/SP800-90B_EntropyAssessment
The GNU Multiple Precision Arithmetic Library (1991). https://gmplib.org/
Banik, S., Maitra, S., Sarkar, S.: Some results on related key-IV pairs of grain. In: Bogdanov, A., Sanadhya, S. (eds.) SPACE 2012. LNCS, pp. 94–110. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34416-9_7
Banik, S., Maitra, S., Sarkar, S., Meltem Sönmez, T.: A chosen IV related key attack on grain-128a. In: Boyd, C., Simpson, L. (eds.) ACISP 2013. LNCS, vol. 7959, pp. 13–26. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-39059-3_2
De Cannière, C., Küçük, Ö., Preneel, B.: Analysis of grain’s initialization algorithm. In: Vaudenay, S. (ed.) AFRICACRYPT 2008. LNCS, vol. 5023, pp. 276–289. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-68164-9_19
Ding, L., Guan, J.: Related key chosen IV attack on grain-128a stream cipher. IEEE Trans. Inf. Forensics Secur. 8(5), 803–809 (2013)
Dubrova, E., Hell, M.: Espresso: a stream cipher for 5G wireless communication systems. Cryptogr. Commun. 9(2), 273–289 (2017)
Küçük, Ö.: Slide resynchronization attack on the initialization of grain 1.0, Tech. rep. (2006)
Maimuţ, D., Teşeleanu, G.: New configurations of grain ciphers: security against slide attacks. In: Ryan, P.Y., Toma, C. (eds.) Innovative Security Solutions for Information Technology and Communications. SecITC 2021. Lecture Notes in Computer Science, vol. 13195, pp. 260–285. Springer, Cham (2021). https://doi.org/10.1007/978-3-031-17510-7_18
Olsson, M., Cavdar, C., Frenger, P.K., Tombaz, S., Sabella, D., Jäntti, R.: 5GrEEn: towards green 5G mobile networks. In: WiMob 2013, pp. 212–216. IEEE Computer Society (2013)
Teşeleanu, G.: Some results on related key-IV pairs of espresso. IACR Cryptology ePrint Archive 2023/1691 (2023)
Wang, M.X., Dai Lin, D.: Related key chosen IV attack on stream cipher espresso variant. In: CSE/EUC 2017, vol. 1, pp. 580–587. IEEE Computer Society (2017)
Yao, G., Parampalli, U.: Generalized NLFSR transformation algorithms and cryptanalysis of the class of espresso-like stream ciphers. CoRR abs/1911.01002 (2019)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
A Examples
A Examples
1.1 A.1 Propagation of a Single Bit Differential
Based on Algorithm 1, in Table 9 we present some examples. More precisely, two initial states \(X_{0}\) and \(X_{0, \varDelta }\) which differ only in the position presented in Table 9, Column 1, produce identical output bits in the positions found in Table 9, Column 3, among the initial 160 key stream bits obtained during the PRGA.
1.2 A.2 Multiple Key-IV Trials with a Fixed Differential
In Table 10 we provide an examples for Algorithm 2.
1.3 A.3 Key-IV Pairs that Produce Shifted Keystreams
In Table 11 we present a set of examples for Algorithms 4 to 7.
Rights and permissions
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Teşeleanu, G. (2024). Some Results on Related Key-IV Pairs of Espresso. In: Manulis, M., Maimuţ, D., Teşeleanu, G. (eds) Innovative Security Solutions for Information Technology and Communications. SecITC 2023. Lecture Notes in Computer Science, vol 14534. Springer, Cham. https://doi.org/10.1007/978-3-031-52947-4_14
Download citation
DOI: https://doi.org/10.1007/978-3-031-52947-4_14
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-52946-7
Online ISBN: 978-3-031-52947-4
eBook Packages: Computer ScienceComputer Science (R0)