On analysis of lightweight stream ciphers with keyed update

Orhun Kara, Muhammed F. Esgin

Research output: Contribution to journalArticleResearchpeer-review

3 Citations (Scopus)

Abstract

As the need for lightweight cryptography has grown even more due to the evolution of the Internet of Things, it has become a greater challenge for cryptographers to design ultra lightweight stream ciphers in compliance with the rule of thumb that the internal state size should be at least twice as the key size to defend against generic Time-Memory-Data Tradeoff (TMDT) attacks. However, Recently in 2015, Armknecht and Mikhalev sparked a new light on designing keystream generators (KSGs), which in turn yields stream ciphers, with small internal states, called KSG with Keyed Update Function (KSG with KUF), and gave a concrete construction named Sprout. But, currently, security analysis of KSGs with KUF in a general setting is almost non-existent. Our contribution in this paper is two-fold. 1) We give a general mathematical setting for KSGs with KUF, and for the first time, analyze a class of such KSGs, called KSGs with Boolean Keyed Feedback Function (KSG with Boolean KFF), generically. In particular, we develop two generic attack algorithms applicable to any KSG with Boolean KFF having almost arbitrary output and feedback functions where the only requirement is that the secret key incorporation is biased. We introduce an upper bound for the time complexity of the first algorithm. Our extensive experiments validate our algorithms and assumptions made thereof. 2) We study Sprout to show the effectiveness of our algorithms in a practical instance. A straightforward application of our generic algorithm yields one of the most successful attacks on Sprout.

Original languageEnglish
Pages (from-to)99-110
Number of pages12
JournalIEEE Transactions on Computers
Volume68
Issue number1
DOIs
Publication statusPublished - 1 Jan 2019

Keywords

  • keyed update function
  • keystream generator
  • Lightweight cipher
  • sprout
  • stream cipher
  • symmetric encryption
  • time-memory-data tradeoff

Cite this