New State Recovery Attacks on the Grain v1 Stream Cipher

作     者：Lin Ding Chenhui Jin Jie Guan Shaowu Zhang Junzhi Li Hong Wang Wei Zhao 

作者机构：Zhengzhou Information Science and Technology Institute 450000 Zhengzhou China Science and Technology on Communication Security Laboratory 610041 Chengdu China 

出 版 物：《China Communications》 (中国通信（英文版）)

年 卷 期：2016年第13卷第11期

页      面：180-188页

核心收录：

学科分类：11[军事学] 1105[军事学-军队指挥学] 0839[工学-网络空间安全] 08[工学] 110505[军事学-密码学] 110503[军事学-军事通信学] 

基　　金：supported in part by the National Natural Science Foundation of China (Grant No.61202491,61272041,61272488,61402523,61602514) the Science and Technology on Communication Security Laboratory Foundation of China under Grant No.9140C110303140C11051 

主　　题：cryptanalysis grain v1 stream cipher weak normality order 

摘      要：The Grain v1 stream cipher is one of the seven finalists in the final e STREAM portfolio. Though many attacks have been published,no recovery attack better than exhaustive key search on full Grain v1 in the single key setting has been found yet. In this paper,new state recovery attacks on Grain v1 utilizing the weak normality order of the employed keystream output function in the cipher are proposed. These attacks have remarkable advantages in the offline time,online time and memory complexities,which are all better than exhaustive key search. The success probability of each new attack is 0.632. The proposed attack primarily depends on the order of weak normality of the employed keystream output function. This shows that the weak normality order should be carefully considered when designing the keystream output functions of Grain-like stream ciphers.