Distinguisher and non-randomness of Grain-v1 for 112, 114 and 116 initialisation rounds with multiple-bit difference in IVs

In this study, the authors construct two different distinguishers on Grain-v1 with 112 and 114 initialisation rounds. Their first distinguisher can distinguish Grain-v1 with 112 initialisation rounds from a uniform random source for 99% of the randomly chosen keys from full key space. The second one...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:IET information security 2019-11, Vol.13 (6), p.603-613
Hauptverfasser: Dalai, Deepak Kumar, Maitra, Subhamoy, Pal, Santu, Roy, Dibyendu
Format: Artikel
Sprache:eng
Schlagworte:
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:In this study, the authors construct two different distinguishers on Grain-v1 with 112 and 114 initialisation rounds. Their first distinguisher can distinguish Grain-v1 with 112 initialisation rounds from a uniform random source for 99% of the randomly chosen keys from full key space. The second one can distinguish Grain-v1 from a random source for 73% of the randomly chosen keys for one-fourth of the total key space (278 keys out of 280 keys). Our results improve upon the earlier distinguishers. The technique used for the distinguishers is conditional differential cryptanalysis. The existing works in this direction considered only one bit difference in the initialisation vector. However, for the first time, they could handle complicated conditions for the 2-bit difference to obtain better cryptanalytic results. Extending their technique by allowing the 1-bit difference in the pair of keys (i.e. related keys) and the 4-bit difference in IVs, they could observe the non-randomness till 116 initialisation rounds with a success in 62% cases.
ISSN:1751-8709
1751-8717
1751-8717
DOI:10.1049/iet-ifs.2018.5276