Improved conditional differential attacks on Grain v1
Authors: Zhen Ma, Tian Tian, Wen-feng Qi
Journal: IET Information Security, pp. 46-53
DOI: https://doi.org/10.1049/iet-ifs.2015.0427
Published: 2017-01-16 (journal article)
Citations: 14
Abstract
Conditional differential cryptanalysis of NFSR-based cryptosystems was first proposed by Knellwolf et al. at Asiacrypt 2010 and has been used successfully to attack reduced-round variants of Grain v1. In this paper, we substantially improve conditional differential attacks on Grain v1 in four respects. First, a new differential engine is derived that correctly tracks the differential trails of Grain v1. Second, we propose a new difference-searching strategy for finding suitable input differences for a conditional differential attack on a given reduced variant of Grain v1. Third, a condition-imposing strategy is presented that consumes far fewer IVs. Last, we propose a further bias-increasing strategy. In particular, the improvements to the difference-searching and condition-imposing strategies are what make it possible to mount conditional differential attacks on variants of Grain v1 with more than 106 initialization rounds. We show that the improved attacks recover 31 distinct secret-key expressions for 107-round Grain v1 and 15 distinct secret-key expressions for 110-round Grain v1; both attacks succeed with constant probability. In terms of the number of rounds attacked, these are the best results known so far for reduced variants of Grain v1.
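The statistic at the heart of a conditional differential attack is the imbalance of an output-bit difference over many (key, IV) pairs that share a fixed IV difference, measured once conditions on IV bits (and sometimes key bits, which is where the "secret key expressions" come from) have been imposed so that the difference does not spread. The following is an added example, not code from the paper: a bit-level implementation of Grain v1 with a configurable number of initialization rounds, following the eSTREAM specification (80-bit key loaded into the NFSR, 64-bit IV plus sixteen 1-bits loaded into the LFSR, output fed back into both registers during initialization), plus a simple estimator of that imbalance. The input differences, conditions and round counts used in the demonstration are chosen here for illustration by reading off the output function h (for example, with no initialization clocks the difference in IV bit 25 propagates to the first keystream bit as 1 + s_46 b_63 + s_46 s_3 up to renaming, so fixing s_46 = 0 makes the output difference constant); they are not the differences or conditions the paper reports, and the function names are the example's own.

```python
"""Reduced-round Grain v1 and an empirical conditional-differential probe.

Added example (not the paper's code). Grain v1 follows the eSTREAM spec:
80-bit key, 64-bit IV, 80-bit LFSR and NFSR, 160 initialization clocks.
Key and IV are given as bit lists (k_0..k_79, iv_0..iv_63), so no
byte-order convention is involved.
"""
import random

KEY_BITS, IV_BITS, REG_BITS, FULL_ROUNDS = 80, 64, 80, 160


def lfsr_feedback(s):
    # f(x) = 1 + x^18 + x^29 + x^42 + x^57 + x^67 + x^80
    return s[62] ^ s[51] ^ s[38] ^ s[23] ^ s[13] ^ s[0]


def nfsr_feedback(b, s):
    # NFSR update g(...) XOR s_i, taps as in the Grain v1 specification
    lin = (b[62] ^ b[60] ^ b[52] ^ b[45] ^ b[37] ^ b[33] ^ b[28]
           ^ b[21] ^ b[14] ^ b[9] ^ b[0])
    nonlin = ((b[63] & b[60]) ^ (b[37] & b[33]) ^ (b[15] & b[9])
              ^ (b[60] & b[52] & b[45]) ^ (b[33] & b[28] & b[21])
              ^ (b[63] & b[45] & b[28] & b[9])
              ^ (b[60] & b[52] & b[37] & b[33])
              ^ (b[63] & b[60] & b[21] & b[15])
              ^ (b[63] & b[60] & b[52] & b[45] & b[37])
              ^ (b[33] & b[28] & b[21] & b[15] & b[9])
              ^ (b[52] & b[45] & b[37] & b[33] & b[28] & b[21]))
    return s[0] ^ lin ^ nonlin


def output_bit(b, s):
    # z_i = sum of NFSR taps {1,2,4,10,31,43,56} + h(s3, s25, s46, s64, b63)
    x0, x1, x2, x3, x4 = s[3], s[25], s[46], s[64], b[63]
    h = (x1 ^ x4 ^ (x0 & x3) ^ (x2 & x3) ^ (x3 & x4) ^ (x0 & x1 & x2)
         ^ (x0 & x2 & x3) ^ (x0 & x2 & x4) ^ (x1 & x2 & x4) ^ (x2 & x3 & x4))
    return b[1] ^ b[2] ^ b[4] ^ b[10] ^ b[31] ^ b[43] ^ b[56] ^ h


def clock(b, s, feed_back):
    """One clock; during initialization the output is XORed into both feedbacks."""
    z = output_bit(b, s)
    fl, fn = lfsr_feedback(s), nfsr_feedback(b, s)
    if feed_back:
        fl ^= z
        fn ^= z
    del b[0]; b.append(fn)
    del s[0]; s.append(fl)
    return z


def keystream(key, iv, rounds=FULL_ROUNDS, nbits=1):
    """Keystream bits after `rounds` initialization clocks (160 = full Grain v1)."""
    assert len(key) == KEY_BITS and len(iv) == IV_BITS
    b = list(key)
    s = list(iv) + [1] * (REG_BITS - IV_BITS)   # IV padded with ones
    for _ in range(rounds):
        clock(b, s, True)
    return [clock(b, s, False) for _ in range(nbits)]


def differential_imbalance(rounds, diff_bit, iv_conditions=None,
                           key_conditions=None, trials=1000, seed=1):
    """Estimate (#{dz0 = 0} - #{dz0 = 1}) / trials for a single-bit IV difference.

    iv_conditions / key_conditions map bit index -> fixed value: this is the
    condition-imposing step. Everything else is drawn uniformly at random.
    +1.0 / -1.0 means the first keystream-bit difference is constant.
    """
    iv_conditions, key_conditions = iv_conditions or {}, key_conditions or {}
    rng = random.Random(seed)
    acc = 0
    for _ in range(trials):
        key = [rng.randint(0, 1) for _ in range(KEY_BITS)]
        iv = [rng.randint(0, 1) for _ in range(IV_BITS)]
        for i, v in key_conditions.items():
            key[i] = v
        for i, v in iv_conditions.items():
            iv[i] = v
        iv2 = list(iv)
        iv2[diff_bit] ^= 1
        z1 = keystream(key, iv, rounds)[0]
        z2 = keystream(key, iv2, rounds)[0]
        acc += 1 if z1 == z2 else -1
    return acc / trials


if __name__ == "__main__":
    # Illustrative run: difference in IV bit 25, with and without the
    # condition s_46 = 0, for a few reduced round counts (constructed example).
    for r in (0, 10, 20, 40, 160):
        plain = differential_imbalance(r, 25, trials=300)
        cond = differential_imbalance(r, 25, iv_conditions={46: 0}, trials=300)
        print(f"rounds={r:3d}  imbalance={plain:+.3f}  with s46=0: {cond:+.3f}")
```

With zero initialization clocks the condition s_46 = 0 turns a partial bias into a deterministic difference; as the round count grows the single condition stops being sufficient and the measured imbalance sinks toward the noise floor of 1/sqrt(trials), which is exactly the regime where the paper's difference-searching, condition-imposing and bias-increasing strategies are needed to keep a detectable bias alive for 107 and 110 rounds.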