Figure 1.
Design Specification of Fountain v1.
-
Previous Article
Repeated-root constacyclic codes of length 6lmpn
- AMC Home
- This Issue
- Next Article
doi: 10.3934/amc.2020128
Online First
Online First articles are published articles within a journal that have not yet been assigned to a formal issue. This means they do not yet have a volume number, issue number, or page numbers assigned to them, however, they can still be found and cited using their DOI (Digital Object Identifier). Online First publication benefits the research community by making new scientific discoveries known as quickly as possible.
Readers can access Online First articles via the “Online First” tab for the selected journal.
Some results on lightweight stream ciphers Fountain v1 & Lizard
| 1. | Indian Institute of Technology Kharagpur, Kharagpur, India |
| 2. | Indian Statistical Institute, Kolkata, India |
| 3. | Indian Institute of Technology Madras, Chennai, India |
In this paper, we propose cryptanalytic results on two lightweight stream ciphers: Fountain v1 and Lizard. The main results of this paper are the followings:
$ - $ We propose a zero-sum distinguisher on reduced round Fountain v1. In this context, we study the non-randomness of the cipher with a careful selection of cube variables. Our obtained cube provides a zero-sum on Fountain v1 till $ 188 $ initialization rounds and significant non-randomness till $ 189 $ rounds. This results in a distinguishing attack on Fountain v1 with $ 189 $ initialization rounds.
$ - $ Further, we find that the same cipher has a weakness against conditional Time-Memory-Data-Tradeoff (TMDTO). We show that TMDTO attack using sampling resistance has online complexity $ 2^{110} $ and offline complexity $ 2^{146} $.
$ - $ Finally, we revisit the Time-Memory-Data-Tradeoff attack on Lizard by Maitra et al. (IEEE Transactions on Computers, 2018) and provide our observations on their work. We show that instead of choosing any random string, some particular strings would provide better results in their proposed attack technique.
Mathematics Subject Classification:
94A60.
Citation:
Ravi Anand, Dibyendu Roy, Santanu Sarkar.
Some results on lightweight stream ciphers Fountain v1 & Lizard. Advances in Mathematics of Communications, doi: 10.3934/amc.2020128
![]()
References:
| [1] |
Lightweight Cryptography Standardization, Available from: https://csrc.nist.gov/projects/lightweight-cryptography. |
| [2] |
F. Armknecht and V. Mikhalev, On lightweight stream ciphers with shorter internal states, International Workshop on Fast Software Encryption (FSE), LNCS, Springer, 9054 (2015), 451–470.
doi: 10.1007/978-3-662-48116-5_22. |
| [3] |
J.-P. Aumasson, I. Dinur, W. Meier and A. Shamir, Cube testers and key recovery attacks on reduced-round MD6 and Trivium, International Workshop on Fast Software Encryption (FSE), LNCS, Springer, 5665 (2009), 1–22.
doi: 10.1007/978-3-642-03317-9_1. |
| [4] |
S. H. Babbage, Improved "exhaustive search" attacks on stream ciphers, European Convention on Security and Detection, IET, (1995), 161–166.
doi: 10.1049/cp:19950490. |
| [5] |
S. Banik, Some results on Sprout, International Conference on Cryptology in India (Indocrypt), LNCS, Springer, 9462 (2015), 124–139.
doi: 10.1007/978-3-319-26617-6_7. |
| [6] |
S. Banik, T. Isobe, T. Cui and J. Guo,
Some cryptanalytic results on Lizard, IACR Transactions on Symmetric Cryptology, 2017 (2017), 82-98.
|
| [7] |
A. Biryukov and A. Shamir, Cryptanalytic time/memory/data tradeoffs for stream ciphers, International Conference on the Theory and Application of Cryptology and Information Security (Asiacrypt), LNCS, Springer, 1976 (2000), 1–13.
doi: 10.1007/3-540-44448-3_1. |
| [8] |
A. Biryukov, A. Shamir and D. Wagner, Real time cryptanalysis of A5/1 on a PC, International Workshop on Fast Software Encryption (FSE), LNCS, Springer, 1978 (2000), 37–44.
doi: 10.1007/3-540-44706-7_1. |
| [9] |
S. Dey, T. Roy and S. Sarkar, Some results on Fruit, Designs, Codes and Cryptography, Springer, 87 (2019), 349–364.
doi: 10.1007/s10623-018-0533-y. |
| [10] |
I. Dinur and A. Shamir, Cube attacks on tweakable black box polynomials, Annual International Conference on the Theory and Applications of Cryptographic Techniques (Eurocrypt), LNCS, Springer, 5479 (2009), 278–299.
doi: 10.1007/978-3-642-01001-9_16. |
| [11] |
M. F. Esgin and O. Kara, Practical cryptanalysis of full Sprout with TMD tradeoff attacks, International Conference on Selected Areas in Cryptography (SAC), LNCS, Springer, 9566 (2015), 67–85.
doi: 10.1007/978-3-319-31301-6_4. |
| [12] |
V. A. Ghafari and H. Hu,
A new chosen IV statistical distinguishing framework to attack symmetric ciphers, and its application to ACORN-v3 and Grain-128a, Journal of Ambient Intelligence and Humanized Computing, Springer, 10 (2019), 2393-2400.
|
| [13] |
V. A. Ghafari, H. Hu and Y. Chen, Fruit-80: A secure ultra-lightweight stream cipher for constrained environments, Entropy, Multidisciplinary Digital Publishing Institute, 20 (2018), 180. |
| [14] |
V. A. Ghafari, H. Hu and M. Alizadeh, Necessary conditions for designing secure stream ciphers with the minimal internal states, IACR Cryptol. ePrint Arch., (2017), 765. |
| [15] |
J. Golić, Cryptanalysis of alleged A5 stream cipher, International Conference on the Theory and Applications of Cryptographic Techniques (Eurocrypt), LNCS, Springer, 1233 (1997), 239–255. |
| [16] |
C. M. Grinstead and J. L. Snell, Introduction to Probability, American Mathematical Society, 2012. |
| [17] |
M. Hamann, M. Krause, W. Meier and B. Zhang, Design and analysis of small-state Grain-like stream ciphers, Cryptography and Communications, Springer, 10 (2018), 803–834.
doi: 10.1007/s12095-017-0261-6. |
| [18] |
M. Hamann, M. Krause and W. Meier,
LIZARD - A lightweight stream cipher for power-constrained devices, IACR Transactions on Symmetric Cryptology, 2017 (2017), 45-79.
|
| [19] |
M. Hell, T. Johansson and W. Meier,
Grain: A stream cipher for constrained environments, International Journal of Wireless and Mobile Computing, 2 (2007), 86-93.
doi: 10.1504/IJWMC.2007.013798. |
| [20] |
M. E. Hellman,
A cryptanalytic time-memory trade-off, IEEE Transactions on Information Theory, 26 (1980), 401-406.
doi: 10.1109/TIT.1980.1056220. |
| [21] |
V. Lallemand and M. N. Plasencia, Cryptanalysis of full Sprout, Annual Cryptology Conference (Crypto), LNCS, Springer, 9215 (2015), 663–682.
doi: 10.1007/978-3-662-47989-6_32. |
| [22] |
S. Maitra, N. Sinha, A. Siddhanti, R. Anand and S. Gangopadhyay,
A TMDTO attack against Lizard, IEEE Transactions on Computers, 67 (2017), 733-739.
doi: 10.1109/TC.2017.2773062. |
| [23] |
S. Maitra, S. Sarkar, A. Baksi and P. Dey, Key recovery from state information of Sprout: Application to cryptanalysis and fault attack, IPSI Transactions on Advanced Research, 12 (2016). |
| [24] |
S. Maitra, A. Siddhanti and S. Sarkar,
A differential fault attack on Plantlet, IEEE Transactions on Computers, 66 (2017), 1804-1808.
doi: 10.1109/TC.2017.2700469. |
| [25] |
M. J. Mihaljević, S. Gangopadhyay, G. Paul and H. Imai,
Internal state recovery of Grain-v1 employing normality order of the filter function, IET Information Security, 6 (2012), 55-64.
|
| [26] |
M. J. Mihaljević, S. Gangopadhyay, G. Paul and H. Imai,
Generic cryptographic weakness of $k$-normal Boolean functions in certain stream ciphers and cryptanalysis of Grain-128, Periodica Mathematica Hungarica, 65 (2012), 205-227.
doi: 10.1007/s10998-012-4631-8. |
| [27] |
V. Mikhalev, F. Armknecht and C. Müller,
On ciphers that continuously access the non-volatile key, IACR Transactions on Symmetric Cryptology, 2016 (2016), 52-79.
doi: 10.46586/tosc.v2016.i2.52-79. |
| [28] |
R. Posteuca, Related-key differential slide attack against Fountain V1, Proceedings of the Romanian Academy, Series A, 21 (2020), 61–68. |
| [29] |
S. Sarkar, S. Maitra and A. Baksi,
Observing biases in the state: Case studies with Trivium and Trivia-sc, Designs, Codes and Cryptography, 82 (2017), 351-375.
doi: 10.1007/s10623-016-0211-x. |
| [30] |
Q. Wang, Y. Hao, Y. Todo, C. Li, T. Isobe and W. Meier, Improved division property based cube attacks exploiting algebraic properties of superpoly, International Cryptology Conference (Crypto), LNCS, Springer, 10991 (2018), 275–305.
doi: 10.1007/978-3-319-96884-1_10. |
| [31] |
D. Williams, Probability with Martingales, Cambridge Mathematical Textbooks, 1st Edition, Cambridge University Press, 1991.
doi: 10.1017/CBO9780511813658.
|
| [32] |
B. Zhang, Fountain: A lightweight authenticated cipher (v1), NIST Lightweight Cryptography Competition, (2019), 1, https://csrc.nist.gov/CSRC/media/Projects/Lightweight-Cryptography/documents/round-1/spec-doc/fountain-spec.pdf. |
| [33] |
B. Zhang and X. Gong, Another tradeoff attack on Sprout-like stream ciphers, International Conference on the Theory and Application of Cryptology and Information Security (Asiacrypt), LNCS, Springer, 9453 (2015), 561–585.
doi: 10.1007/978-3-662-48800-3_23. |
| [34] |
B. Zhang, X. Gong and W. Meier,
Fast correlation attacks on Grain-like small state stream ciphers, IACR Transactions on Symmetric Cryptology, 2017 (2017), 58-81.
|
show all references
References:
| [1] |
Lightweight Cryptography Standardization, Available from: https://csrc.nist.gov/projects/lightweight-cryptography. |
| [2] |
F. Armknecht and V. Mikhalev, On lightweight stream ciphers with shorter internal states, International Workshop on Fast Software Encryption (FSE), LNCS, Springer, 9054 (2015), 451–470.
doi: 10.1007/978-3-662-48116-5_22. |
| [3] |
J.-P. Aumasson, I. Dinur, W. Meier and A. Shamir, Cube testers and key recovery attacks on reduced-round MD6 and Trivium, International Workshop on Fast Software Encryption (FSE), LNCS, Springer, 5665 (2009), 1–22.
doi: 10.1007/978-3-642-03317-9_1. |
| [4] |
S. H. Babbage, Improved "exhaustive search" attacks on stream ciphers, European Convention on Security and Detection, IET, (1995), 161–166.
doi: 10.1049/cp:19950490. |
| [5] |
S. Banik, Some results on Sprout, International Conference on Cryptology in India (Indocrypt), LNCS, Springer, 9462 (2015), 124–139.
doi: 10.1007/978-3-319-26617-6_7. |
| [6] |
S. Banik, T. Isobe, T. Cui and J. Guo,
Some cryptanalytic results on Lizard, IACR Transactions on Symmetric Cryptology, 2017 (2017), 82-98.
|
| [7] |
A. Biryukov and A. Shamir, Cryptanalytic time/memory/data tradeoffs for stream ciphers, International Conference on the Theory and Application of Cryptology and Information Security (Asiacrypt), LNCS, Springer, 1976 (2000), 1–13.
doi: 10.1007/3-540-44448-3_1. |
| [8] |
A. Biryukov, A. Shamir and D. Wagner, Real time cryptanalysis of A5/1 on a PC, International Workshop on Fast Software Encryption (FSE), LNCS, Springer, 1978 (2000), 37–44.
doi: 10.1007/3-540-44706-7_1. |
| [9] |
S. Dey, T. Roy and S. Sarkar, Some results on Fruit, Designs, Codes and Cryptography, Springer, 87 (2019), 349–364.
doi: 10.1007/s10623-018-0533-y. |
| [10] |
I. Dinur and A. Shamir, Cube attacks on tweakable black box polynomials, Annual International Conference on the Theory and Applications of Cryptographic Techniques (Eurocrypt), LNCS, Springer, 5479 (2009), 278–299.
doi: 10.1007/978-3-642-01001-9_16. |
| [11] |
M. F. Esgin and O. Kara, Practical cryptanalysis of full Sprout with TMD tradeoff attacks, International Conference on Selected Areas in Cryptography (SAC), LNCS, Springer, 9566 (2015), 67–85.
doi: 10.1007/978-3-319-31301-6_4. |
| [12] |
V. A. Ghafari and H. Hu,
A new chosen IV statistical distinguishing framework to attack symmetric ciphers, and its application to ACORN-v3 and Grain-128a, Journal of Ambient Intelligence and Humanized Computing, Springer, 10 (2019), 2393-2400.
|
| [13] |
V. A. Ghafari, H. Hu and Y. Chen, Fruit-80: A secure ultra-lightweight stream cipher for constrained environments, Entropy, Multidisciplinary Digital Publishing Institute, 20 (2018), 180. |
| [14] |
V. A. Ghafari, H. Hu and M. Alizadeh, Necessary conditions for designing secure stream ciphers with the minimal internal states, IACR Cryptol. ePrint Arch., (2017), 765. |
| [15] |
J. Golić, Cryptanalysis of alleged A5 stream cipher, International Conference on the Theory and Applications of Cryptographic Techniques (Eurocrypt), LNCS, Springer, 1233 (1997), 239–255. |
| [16] |
C. M. Grinstead and J. L. Snell, Introduction to Probability, American Mathematical Society, 2012. |
| [17] |
M. Hamann, M. Krause, W. Meier and B. Zhang, Design and analysis of small-state Grain-like stream ciphers, Cryptography and Communications, Springer, 10 (2018), 803–834.
doi: 10.1007/s12095-017-0261-6. |
| [18] |
M. Hamann, M. Krause and W. Meier,
LIZARD - A lightweight stream cipher for power-constrained devices, IACR Transactions on Symmetric Cryptology, 2017 (2017), 45-79.
|
| [19] |
M. Hell, T. Johansson and W. Meier,
Grain: A stream cipher for constrained environments, International Journal of Wireless and Mobile Computing, 2 (2007), 86-93.
doi: 10.1504/IJWMC.2007.013798. |
| [20] |
M. E. Hellman,
A cryptanalytic time-memory trade-off, IEEE Transactions on Information Theory, 26 (1980), 401-406.
doi: 10.1109/TIT.1980.1056220. |
| [21] |
V. Lallemand and M. N. Plasencia, Cryptanalysis of full Sprout, Annual Cryptology Conference (Crypto), LNCS, Springer, 9215 (2015), 663–682.
doi: 10.1007/978-3-662-47989-6_32. |
| [22] |
S. Maitra, N. Sinha, A. Siddhanti, R. Anand and S. Gangopadhyay,
A TMDTO attack against Lizard, IEEE Transactions on Computers, 67 (2017), 733-739.
doi: 10.1109/TC.2017.2773062. |
| [23] |
S. Maitra, S. Sarkar, A. Baksi and P. Dey, Key recovery from state information of Sprout: Application to cryptanalysis and fault attack, IPSI Transactions on Advanced Research, 12 (2016). |
| [24] |
S. Maitra, A. Siddhanti and S. Sarkar,
A differential fault attack on Plantlet, IEEE Transactions on Computers, 66 (2017), 1804-1808.
doi: 10.1109/TC.2017.2700469. |
| [25] |
M. J. Mihaljević, S. Gangopadhyay, G. Paul and H. Imai,
Internal state recovery of Grain-v1 employing normality order of the filter function, IET Information Security, 6 (2012), 55-64.
|
| [26] |
M. J. Mihaljević, S. Gangopadhyay, G. Paul and H. Imai,
Generic cryptographic weakness of $k$-normal Boolean functions in certain stream ciphers and cryptanalysis of Grain-128, Periodica Mathematica Hungarica, 65 (2012), 205-227.
doi: 10.1007/s10998-012-4631-8. |
| [27] |
V. Mikhalev, F. Armknecht and C. Müller,
On ciphers that continuously access the non-volatile key, IACR Transactions on Symmetric Cryptology, 2016 (2016), 52-79.
doi: 10.46586/tosc.v2016.i2.52-79. |
| [28] |
R. Posteuca, Related-key differential slide attack against Fountain V1, Proceedings of the Romanian Academy, Series A, 21 (2020), 61–68. |
| [29] |
S. Sarkar, S. Maitra and A. Baksi,
Observing biases in the state: Case studies with Trivium and Trivia-sc, Designs, Codes and Cryptography, 82 (2017), 351-375.
doi: 10.1007/s10623-016-0211-x. |
| [30] |
Q. Wang, Y. Hao, Y. Todo, C. Li, T. Isobe and W. Meier, Improved division property based cube attacks exploiting algebraic properties of superpoly, International Cryptology Conference (Crypto), LNCS, Springer, 10991 (2018), 275–305.
doi: 10.1007/978-3-319-96884-1_10. |
| [31] |
D. Williams, Probability with Martingales, Cambridge Mathematical Textbooks, 1st Edition, Cambridge University Press, 1991.
doi: 10.1017/CBO9780511813658.
|
| [32] |
B. Zhang, Fountain: A lightweight authenticated cipher (v1), NIST Lightweight Cryptography Competition, (2019), 1, https://csrc.nist.gov/CSRC/media/Projects/Lightweight-Cryptography/documents/round-1/spec-doc/fountain-spec.pdf. |
| [33] |
B. Zhang and X. Gong, Another tradeoff attack on Sprout-like stream ciphers, International Conference on the Theory and Application of Cryptology and Information Security (Asiacrypt), LNCS, Springer, 9453 (2015), 561–585.
doi: 10.1007/978-3-662-48800-3_23. |
| [34] |
B. Zhang, X. Gong and W. Meier,
Fast correlation attacks on Grain-like small state stream ciphers, IACR Transactions on Symmetric Cryptology, 2017 (2017), 58-81.
|
Table 1.
S-box for key-IV initialization phase
| : | |||||||||||||||||
| : |
| : | |||||||||||||||||
| : |
Table 2.
Integrated S-box for key-IV initialization phase
| : | |||||||||||||||||
| : |
| : | |||||||||||||||||
| : |
Table 3.
Distinguishing attack on Fountain v1
| Cube | Cube variable indices | Probability of superpoly = 0 | ||||||||
| Size | Rounds | |||||||||
| Cube | Cube variable indices | Probability of superpoly = 0 | ||||||||
| Size | Rounds | |||||||||
Table 4.
TMDTO parameters for Fountain v1
| Time | Memory | Data | Pre-processing |
| Time | Memory | Data | Pre-processing |
Table 5.
State bits recovery
| Keystream bit | Equation | Guessed bits | Feedback | Recovered |
| bits | bit | |||
| Keystream bit | Equation | Guessed bits | Feedback | Recovered |
| bits | bit | |||
| [1] |
Xiangxiang Huang, Xianping Guo, Jianping Peng. A probability criterion for zero-sum stochastic games. Journal of Dynamics and Games, 2017, 4 (4) : 369-383. doi: 10.3934/jdg.2017020 |
| [2] |
Marianne Akian, Stéphane Gaubert, Antoine Hochart. Ergodicity conditions for zero-sum games. Discrete and Continuous Dynamical Systems, 2015, 35 (9) : 3901-3931. doi: 10.3934/dcds.2015.35.3901 |
| [3] |
Sylvain Sorin, Guillaume Vigeral. Reversibility and oscillations in zero-sum discounted stochastic games. Journal of Dynamics and Games, 2015, 2 (1) : 103-115. doi: 10.3934/jdg.2015.2.103 |
| [4] |
Antoine Hochart. An accretive operator approach to ergodic zero-sum stochastic games. Journal of Dynamics and Games, 2019, 6 (1) : 27-51. doi: 10.3934/jdg.2019003 |
| [5] |
Alexander J. Zaslavski. Structure of approximate solutions of dynamic continuous time zero-sum games. Journal of Dynamics and Games, 2014, 1 (1) : 153-179. doi: 10.3934/jdg.2014.1.153 |
| [6] |
Zhi-Wei Sun. Unification of zero-sum problems, subset sums and covers of Z. Electronic Research Announcements, 2003, 9: 51-60. |
| [7] |
Qingmeng Wei, Zhiyong Yu. Time-inconsistent recursive zero-sum stochastic differential games. Mathematical Control and Related Fields, 2018, 8 (3&4) : 1051-1079. doi: 10.3934/mcrf.2018045 |
| [8] |
Beatris A. Escobedo-Trujillo. Discount-sensitive equilibria in zero-sum stochastic differential games. Journal of Dynamics and Games, 2016, 3 (1) : 25-50. doi: 10.3934/jdg.2016002 |
| [9] |
Fernando Luque-Vásquez, J. Adolfo Minjárez-Sosa. Average optimal strategies for zero-sum Markov games with poorly known payoff function on one side. Journal of Dynamics and Games, 2014, 1 (1) : 105-119. doi: 10.3934/jdg.2014.1.105 |
| [10] |
Alexander J. Zaslavski. Turnpike properties of approximate solutions of dynamic discrete time zero-sum games. Journal of Dynamics and Games, 2014, 1 (2) : 299-330. doi: 10.3934/jdg.2014.1.299 |
| [11] |
Valery Y. Glizer, Oleg Kelis. Singular infinite horizon zero-sum linear-quadratic differential game: Saddle-point equilibrium sequence. Numerical Algebra, Control and Optimization, 2017, 7 (1) : 1-20. doi: 10.3934/naco.2017001 |
| [12] |
Salah Eddine Choutri, Boualem Djehiche, Hamidou Tembine. Optimal control and zero-sum games for Markov chains of mean-field type. Mathematical Control and Related Fields, 2019, 9 (3) : 571-605. doi: 10.3934/mcrf.2019026 |
| [13] |
Libin Mou, Jiongmin Yong. Two-person zero-sum linear quadratic stochastic differential games by a Hilbert space method. Journal of Industrial and Management Optimization, 2006, 2 (1) : 95-117. doi: 10.3934/jimo.2006.2.95 |
| [14] |
Fabien Gensbittel, Miquel Oliu-Barton, Xavier Venel. Existence of the uniform value in zero-sum repeated games with a more informed controller. Journal of Dynamics and Games, 2014, 1 (3) : 411-445. doi: 10.3934/jdg.2014.1.411 |
| [15] |
René Carmona, Kenza Hamidouche, Mathieu Laurière, Zongjun Tan. Linear-quadratic zero-sum mean-field type games: Optimality conditions and policy optimization. Journal of Dynamics and Games, 2021, 8 (4) : 403-443. doi: 10.3934/jdg.2021023 |
| [16] |
Chandan Pal, Somnath Pradhan. Zero-sum games for pure jump processes with risk-sensitive discounted cost criteria. Journal of Dynamics and Games, 2022, 9 (1) : 13-25. doi: 10.3934/jdg.2021020 |
| [17] |
Abd El-Monem A. Megahed, Ebrahim A. Youness, Hebatallah K. Arafat. Optimization method in counter terrorism: Min-Max zero-sum differential game approach. Numerical Algebra, Control and Optimization, 2022 doi: 10.3934/naco.2022013 |
| [18] |
Josef Hofbauer, Sylvain Sorin. Best response dynamics for continuous zero--sum games. Discrete and Continuous Dynamical Systems - B, 2006, 6 (1) : 215-224. doi: 10.3934/dcdsb.2006.6.215 |
| [19] |
Vladimir Ejov, Anatoli Torokhti. How to transform matrices $U_1, \ldots, U_p$ to matrices $V_1, \ldots, V_p$ so that $V_i V_j^T= {\mathbb O} $ if $ i \neq j $?. Numerical Algebra, Control and Optimization, 2012, 2 (2) : 293-299. doi: 10.3934/naco.2012.2.293 |
| [20] |
Zhongbao Zhou, Yanfei Bai, Helu Xiao, Xu Chen. A non-zero-sum reinsurance-investment game with delay and asymmetric information. Journal of Industrial and Management Optimization, 2021, 17 (2) : 909-936. doi: 10.3934/jimo.2020004 |
2020 Impact Factor: 0.935
Tools
Article outline
Figures and Tables
[Back to Top]