Key Recovery Attacks on Grain-like Keystream Generators with Key Injection
Accepted Version (PDF, 356 kB), available under a Creative Commons Attribution Non-Commercial 4.0 licence. A free-to-read version is also available at the publisher's website.
Description
A common structure in stream ciphers makes use of linear and nonlinear shift registers with a nonlinear output function drawing from both registers. We refer to these as Grain-like keystream generators. A recent development in lightweight ciphers is a modification of this structure to include a non-volatile key register, which allows key bits to be fed into the state update of the nonlinear register. Sprout and Plantlet are examples of this modified structure. The authors of these ciphers argue that including these key bits in the internal state update provides increased security, enabling the use of reduced register sizes below the commonly accepted rule of thumb that the state size should be at least twice the key size.
In this paper, we analyse Plantlet and show that the security of this design depends entirely on the choice of the output function. Specifically, the contribution from the nonlinear register to the output function determines whether a key recovery attack is possible. We make a minor modification to Plantlet's output function which allows the contents of the linear register to be recovered using an algebraic attack during keystream generation. This information then allows partial recovery of the contents of the nonlinear register, after which the key bits and the remaining register contents can be obtained using a guess-and-check approach, with a complexity significantly lower than exhaustive key search.
Note that our attack does not succeed on the existing version of Plantlet; only minor modifications to the filter function are required for it to succeed. However, our results clearly demonstrate that including the key in the state update during keystream generation does not increase the security of Plantlet: in fact, this feature was exploited to recover the key during keystream generation without the need to consider the initialisation process. This paper provides design guidelines for choosing both suitable output functions and the register stages used as inputs to these functions in order to resist the attacks we applied.
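As an added illustration (not code from the paper or from the Plantlet or Sprout designers), the Python toy below implements the Grain-like structure with key injection described above and then shows the extreme case of the abstract's observation: when the output function takes nothing from the nonlinear register, the keystream is an affine function of the LFSR's initial state and a linearisation attack recovers that state from a few dozen keystream bits during keystream generation, whereas adding an NFSR term to the output breaks the linear model. All register sizes, tap positions, Boolean functions and the key-bit schedule are hypothetical; the paper's actual modification to Plantlet's filter function, and its follow-on recovery of the NFSR contents and key, are not reproduced.

```python
"""Toy Grain-like keystream generator with key injection, plus a
linearisation attack on the degenerate case where the output function
ignores the NFSR. Everything here is hypothetical (sizes, taps, Boolean
functions); it is not Plantlet, Sprout or the paper's attack."""
import random

LFSR_LEN, NFSR_LEN, KEY_LEN = 16, 16, 20
LFSR_FB_TAPS = (0, 2, 3, 5)      # hypothetical; (16,5,3,2) is a primitive polynomial
LFSR_OUT_TAPS = (1, 4, 10, 15)   # hypothetical linear part of the output function


def nfsr_feedback(n):
    """Hypothetical degree-3 nonlinear feedback for the NFSR."""
    return n[0] ^ n[3] ^ (n[5] & n[9]) ^ (n[7] & n[11] & n[13]) ^ n[14]


def nfsr_output_part(n):
    """Hypothetical NFSR contribution to the output function."""
    return (n[2] & n[6]) ^ n[12]


def keystream(key, lfsr, nfsr, nbits, nfsr_in_output=True):
    """Clock the generator nbits times and return the keystream bits.

    Key injection: at clock t the bit key[t % KEY_LEN] is XORed into the
    NFSR update, so the never-overwritten key register keeps feeding the
    state during keystream generation. As in Grain, the LFSR output bit is
    also XORed into the NFSR update; the LFSR itself stays purely linear."""
    lfsr, nfsr, out = list(lfsr), list(nfsr), []
    for t in range(nbits):
        z = 0
        for i in LFSR_OUT_TAPS:
            z ^= lfsr[i]
        if nfsr_in_output:
            z ^= nfsr_output_part(nfsr)
        out.append(z)
        new_l = 0
        for i in LFSR_FB_TAPS:
            new_l ^= lfsr[i]
        new_n = nfsr_feedback(nfsr) ^ lfsr[0] ^ key[t % KEY_LEN]
        lfsr = lfsr[1:] + [new_l]
        nfsr = nfsr[1:] + [new_n]
    return out


def solve_gf2(rows, nvars):
    """Gaussian elimination over GF(2). rows = [(mask, rhs)]; bit i of mask
    marks unknown x_i. Pivot rows are kept mutually reduced, so at full rank
    each pivot row reads x_i = rhs. Returns None if inconsistent/underdetermined."""
    pivots = {}  # pivot bit -> (mask, rhs)
    for mask, rhs in rows:
        for pb, (pm, pr) in pivots.items():
            if (mask >> pb) & 1:
                mask ^= pm
                rhs ^= pr
        if mask == 0:
            if rhs:
                return None  # 0 = 1: the LFSR-only model does not fit
            continue
        pb = mask.bit_length() - 1
        for q, (qm, qr) in list(pivots.items()):
            if (qm >> pb) & 1:
                pivots[q] = (qm ^ mask, qr ^ rhs)
        pivots[pb] = (mask, rhs)
    if len(pivots) < nvars:
        return None
    return [pivots[i][1] for i in range(nvars)]


def recover_lfsr(ks):
    """Linearisation attack: treat the initial LFSR bits as unknowns x_i,
    carry each cell through the linear update as a GF(2) linear form
    (bitmask), and read one equation per keystream bit under the
    hypothesis that the output depends on the LFSR alone."""
    sym = [1 << i for i in range(LFSR_LEN)]
    rows = []
    for z in ks:
        eq = 0
        for i in LFSR_OUT_TAPS:
            eq ^= sym[i]
        rows.append((eq, z))
        new = 0
        for i in LFSR_FB_TAPS:
            new ^= sym[i]
        sym = sym[1:] + [new]
    return solve_gf2(rows, LFSR_LEN)


def demo(seed=1, nbits=48):
    """Constructed test data: random key and registers. Returns the true
    initial LFSR and the recovery result without and with an NFSR term
    in the output function."""
    rng = random.Random(seed)
    key = [rng.randrange(2) for _ in range(KEY_LEN)]
    lfsr0 = [rng.randrange(2) for _ in range(LFSR_LEN)]
    nfsr0 = [rng.randrange(2) for _ in range(NFSR_LEN)]
    weak = keystream(key, lfsr0, nfsr0, nbits, nfsr_in_output=False)
    strong = keystream(key, lfsr0, nfsr0, nbits, nfsr_in_output=True)
    return lfsr0, recover_lfsr(weak), recover_lfsr(strong)
```

With the NFSR term absent, `recover_lfsr` returns the true initial LFSR once 16 linearly independent equations have been collected (48 keystream bits are used for margin, and the surplus equations double as a consistency check); with the term present the same equations become inconsistent and it returns None. The key register never enters the linear register's update, so in this degenerate case the injected key bits do nothing to protect the LFSR, which is the structural point the abstract makes about where the nonlinear register feeds the output.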
| Field | Value |
|---|---|
| ID Code | 239392 |
| Item Type | Chapter in Book, Report or Conference volume (Conference contribution) |
| Series Name | Lecture Notes in Computer Science (LNCS), including its subseries Lecture Notes in Artificial Intelligence (LNAI) and Lecture Notes in Bioinformatics (LNBI) |
| Measurements or Duration | 20 pages |
| Keywords | Key recovery, algebraic attack, key injection, Plantlet, Grain-like structures, lightweight ciphers |
| DOI | 10.1007/978-3-031-35486-1_5 |
| ISBN | 978-3-031-35485-4 |
| Pure ID | 131187910 |
| Divisions | Current > QUT Faculties and Divisions > Faculty of Science; Current > Schools > School of Computer Science; Current > Schools > School of Mathematical Sciences |
| Copyright Owner | 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG |
| Copyright Statement | This work is covered by copyright. Unless the document is being made available under a Creative Commons Licence, you must assume that re-use is limited to personal use and that permission from the copyright owner must be obtained for all other uses. If the document is available under a Creative Commons License (or other specified license) then refer to the Licence for details of permitted re-use. It is a condition of access that users recognise and abide by the legal requirements associated with these rights. If you believe that this work infringes copyright please provide details by email to qut.copyright@qut.edu.au |
| Deposited On | 02 May 2023 05:08 |
| Last Modified | 22 May 2024 17:55 |