Abstract
It is known that for a stream cipher with state size less than 2.5 times the key size, it is possible to mount a Time-Memory-Data Trade-Off (TMDTO) attack with an online complexity lower than that of exhaustive key search. The search space is restricted by considering a fixed keystream prefix and deducing certain state bits by formulating equations. We show how, by using SAT solving techniques, one can automate this process of solving equations and obtain better parameters. This is demonstrated by mounting TMDTO attacks on ACORN v3 and Grain v1. We show that a TMDTO attack can be mounted on ACORN v3 with a preprocessing complexity of 2^171 and 2^180 (without and with the help of a SAT solver) and a maximum of online time, memory and data complexities of 2^122 and 2^120 respectively. For Grain v1, we show that it is possible to obtain parameters T = 2^68.06, M = 2^64, D = 2^68 with a preprocessing complexity of 2^96. While our results do not refute any claim of the designers, these observations might be useful for further understanding of the ciphers.
Acknowledgments
The authors would like to thank Dr. Dibyendu Roy, School of Mathematical Science, NISER, India, for an excellent review of an initial version of this paper.
Cite this article
Siddhanti, A.A., Maitra, S. & Sinha, N. Certain Observations on ACORN v3 and Grain v1—Implications Towards TMDTO Attacks. J Hardw Syst Secur 3, 64–77 (2019). https://doi.org/10.1007/s41635-018-0054-1