Distinguisher and non-randomness of Grain-v1 for 112, 114 and 116 initialisation rounds with multiple-bit difference in IVs
In this study, the authors construct two different distinguishers on Grain-v1 with 112 and 114 initialisation rounds. Their first distinguisher can distinguish Grain-v1 with 112 initialisation rounds from a uniform random source for 99% of the randomly chosen keys from full key space. The second one...
Gespeichert in:
Veröffentlicht in: | IET information security 2019-11, Vol.13 (6), p.603-613 |
---|---|
Hauptverfasser: | , , , |
Format: | Artikel |
Sprache: | eng |
Schlagworte: | |
Online-Zugang: | Volltext bestellen |
Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
Zusammenfassung: | In this study, the authors construct two different distinguishers on Grain-v1 with 112 and 114 initialisation rounds. Their first distinguisher can distinguish Grain-v1 with 112 initialisation rounds from a uniform random source for 99% of the randomly chosen keys from full key space. The second one can distinguish Grain-v1 from a random source for 73% of the randomly chosen keys for one-fourth of the total key space (278 keys out of 280 keys). Our results improve upon the earlier distinguishers. The technique used for the distinguishers is conditional differential cryptanalysis. The existing works in this direction considered only one bit difference in the initialisation vector. However, for the first time, they could handle complicated conditions for the 2-bit difference to obtain better cryptanalytic results. Extending their technique by allowing the 1-bit difference in the pair of keys (i.e. related keys) and the 4-bit difference in IVs, they could observe the non-randomness till 116 initialisation rounds with a success in 62% cases. |
---|---|
ISSN: | 1751-8709 1751-8717 1751-8717 |
DOI: | 10.1049/iet-ifs.2018.5276 |