Two generic methods of analyzing stream ciphers

Abstract

Since the security analysis against stream ciphers becomes more difficult nowadays, it is urgent and significant to propose new generic methods. In this work, we introduce guess-and-determine techniques to two traditional analysis methods and make the new approaches methodological for generalization. We show the power of the new methods by analyzing two stream ciphers: Grain-v1 and ACORN. Grain-v1 is one of the finalists selected in the eSTREAM project. We present a timememory- data tradeoff attack against Grain-v1 by importing the idea of conditional sampling resistance based on the k-linear-normality and a specific guessing path, with the parameters of 261 time online employing a memory of 271 assuming available keystream of 279 and 281 preprocessing time, which are much better than the best tradeoffs in the single key and IV pair setting so far. We transform the parameters into cipher ticks, and all the complexities are lower than 287.4 cipher ticks, which is the actual complexity of the brute force attack. We also evaluate the security of another lightweight authenticated cipher ACORN, since there is few security analysis of the recently submitted cipher to CAESAR competition. The analysis against this cipher emphasizes on finding the linear approximations of the output function and the efficiently guessed combination information of the upstate function, and exploiting the integer linear programming problem as a tool to search the optimal complexity. Our attack calls for 2157 tests, which estimate the security margin of ACORN.