
Restricted near collision attack on Plantlet

  • Regular Paper
  • Journal of Cryptographic Engineering

Abstract

Plantlet is a recent lightweight stream cipher designed by Mikhalev, Armknecht and Müller in IACR ToSC 2017. This design paradigm receives attention because it is secure against generic time–memory–data trade-off attacks despite its small internal state size. One major motivation for Plantlet is to shore up the weaknesses of Sprout, another lightweight stream cipher from the same designers in IACR FSE 2015. In this paper, we observe that a full key recovery attack is possible using a restricted version of the near collision attack. We have listed 38 internal state differences whose keystream differences have some fixed 0/1 pattern at certain positions and are efficient for our attack. An adversary in the online phase looks for any one of those 38 patterns in the keystream difference. If one is found, then with some probability the adversary guesses the internal state difference. Afterwards, on solving a system of polynomial equations (formed by keystream bits) using a SAT solver, the adversary can recover the secret key if the guess is correct; otherwise, a contradiction occurs. After probability computations, we find that on repeating the experiment a fixed number of times, the adversary can recover the secret key with expectation one. The time complexity of the whole process is \(2^{64.693}\) Plantlet encryptions, which is 39 times faster than the previous best key recovery attack by Banik et al. in IACR ToSC 2019. We further suggest a countermeasure and its analysis to avoid our attacks. However, the complexity presented in this paper is dependent on the system architecture and implementation of the cipher.


Data Availability

One can generate data using our source codes. The source codes of our results are publicly available at https://github.com/Satyam-Crypto/Restricted_Near-Collision-Attack_on_Plantlet.git.

Notes

  1. https://doc.sagemath.org/html/en/installation/conda.html.

  2. https://www.msoos.org/cryptominisat5/.

References

  1. Armknecht, F., Mikhalev, V.: On lightweight stream ciphers with shorter internal states. In: Fast Software Encryption - 22nd International Workshop, FSE 2015, Istanbul, Turkey, March 8–11, 2015, Revised Selected Papers, Lecture Notes in Computer Science, vol. 9054, pp. 451–470. Springer (2015). https://doi.org/10.1007/978-3-662-48116-5_22

  2. Baksi, A., Bhasin, S., Breier, J., Jap, D., Saha, D.: Fault attacks in symmetric key cryptosystems. Cryptology ePrint Archive, Report 2020/1267 (2020). https://eprint.iacr.org/2020/1267

  3. Banik, S.: Some results on Sprout. In: Progress in Cryptology - INDOCRYPT 2015 - 16th International Conference on Cryptology in India, Bangalore, India, December 6–9, 2015, Proceedings, Lecture Notes in Computer Science, vol. 9462, pp. 124–139. Springer (2015). https://doi.org/10.1007/978-3-319-26617-6_7

  4. Banik, S., Barooti, K., Isobe, T.: Cryptanalysis of Plantlet. IACR Trans. Symmetric Cryptol. 2019(3), 103–120 (2019). https://doi.org/10.13154/tosc.v2019.i3.103-120


  5. Banik, S., Mikhalev, V., Armknecht, F., Isobe, T., Meier, W., Bogdanov, A., Watanabe, Y., Regazzoni, F.: Towards low energy stream ciphers. IACR Trans. Symmetric Cryptol. 2018(2), 1–19 (2018). https://doi.org/10.13154/tosc.v2018.i2.1-19


  6. Biham, E., Shamir, A.: Differential cryptanalysis of DES-like cryptosystems. In: Advances in Cryptology - CRYPTO '90, 10th Annual International Cryptology Conference, Santa Barbara, California, USA, August 11–15, 1990, Proceedings, pp. 2–21 (1990). https://doi.org/10.1007/3-540-38424-3_1

  7. Biryukov, A., Shamir, A.: Cryptanalytic time/memory/data tradeoffs for stream ciphers. In: Advances in Cryptology - ASIACRYPT 2000, 6th International Conference on the Theory and Application of Cryptology and Information Security, Kyoto, Japan, December 3–7, 2000, Proceedings, Lecture Notes in Computer Science, vol. 1976, pp. 1–13. Springer (2000). https://doi.org/10.1007/3-540-44448-3_1

  8. Coppersmith, D., Winograd, S.: Matrix multiplication via arithmetic progressions. In: Proceedings of the Nineteenth Annual ACM Symposium On Theory Of Computing, pp. 1–6 (1987)

  9. Esgin, M.F., Kara, O.: Practical cryptanalysis of full Sprout with TMD tradeoff attacks. In: Selected Areas in Cryptography - SAC 2015 - 22nd International Conference, Sackville, NB, Canada, August 12–14, 2015, Revised Selected Papers, Lecture Notes in Computer Science, vol. 9566, pp. 67–85. Springer (2015). https://doi.org/10.1007/978-3-319-31301-6_4

  10. Hamann, M., Krause, M., Meier, W.: LIZARD - A lightweight stream cipher for power-constrained devices. IACR Trans. Symmetric Cryptol. 2017(1), 45–79 (2017). https://doi.org/10.13154/tosc.v2017.i1.45-79


  11. Hamann, M., Krause, M., Meier, W., Zhang, B.: Design and analysis of small-state Grain-like stream ciphers. Cryptogr. Commun. 10(5), 803–834 (2018). https://doi.org/10.1007/s12095-017-0261-6


  12. Lallemand, V., Naya-Plasencia, M.: Cryptanalysis of full Sprout. In: Advances in Cryptology - CRYPTO 2015 - 35th Annual Cryptology Conference, Santa Barbara, CA, USA, August 16–20, 2015, Proceedings, Part I, Lecture Notes in Computer Science, vol. 9215, pp. 663–682. Springer (2015). https://doi.org/10.1007/978-3-662-47989-6_32

  13. Maitra, S., Sarkar, S., Baksi, A., Dey, P.: Key recovery from state information of Sprout: Application to cryptanalysis and fault attack. Cryptology ePrint Archive, Report 2015/236 (2015). https://eprint.iacr.org/2015/236

  14. Maitra, S., Siddhanti, A., Sarkar, S.: A differential fault attack on Plantlet. IEEE Trans. Comput. 66(10), 1804–1808 (2017). https://doi.org/10.1109/TC.2017.2700469

  15. Mikhalev, V., Armknecht, F., Müller, C.: On ciphers that continuously access the non-volatile key. IACR Trans. Symmetric Cryptol. 2016(2), 52–79 (2016). https://doi.org/10.13154/tosc.v2016.i2.52-79

  16. Todo, Y., Meier, W., Aoki, K.: On the data limitation of small-state stream ciphers: Correlation attacks on Fruit-80 and Plantlet. In: Selected Areas in Cryptography - SAC 2019 - 26th International Conference, Waterloo, ON, Canada, August 12–16, 2019, Revised Selected Papers, Lecture Notes in Computer Science, vol. 11959, pp. 365–392. Springer (2019). https://doi.org/10.1007/978-3-030-38471-5_15

  17. Zhang, B., Li, Z., Feng, D., Lin, D.: Near collision attack on the Grain v1 stream cipher. In: Fast Software Encryption - 20th International Workshop, FSE 2013, Singapore, March 11–13, 2013, Revised Selected Papers, Lecture Notes in Computer Science, vol. 8424, pp. 518–538. Springer (2013). https://doi.org/10.1007/978-3-662-43933-3_27


Acknowledgements

The author Satyam Kumar acknowledges the generous support of NBHM-DAE (Government of India) for providing a research fellowship. Sandip Kumar Mondal is thankful to the University Grants Commission (UGC). The research of Dr. Avishek Adhikari is partially supported by the DST-SERB project MATRICS, vide sanction order MTR/2019/001573, and the DST-FIST project, Govt. of India, vide sanction order SR/FST/MS-I/2019/41.

Author information


Correspondence to Santanu Sarkar.


Cite this article

Kumar, S., Mondal, S.K., Sarkar, S. et al. Restricted near collision attack on Plantlet. J Cryptogr Eng 14, 19–34 (2024). https://doi.org/10.1007/s13389-023-00336-y


  • DOI: https://doi.org/10.1007/s13389-023-00336-y
