Paper 2009/218

Efficient FPGA Implementations of High-Dimensional Cube Testers on the Stream Cipher Grain-128

Jean-Philippe Aumasson, Itai Dinur, Luca Henzen, Willi Meier, and Adi Shamir

Abstract

Cube testers are a generic class of methods for building distinguishers, based on cube attacks and on algebraic property-testers. In this paper, we report on an efficient FPGA implementation of cube testers on the stream cipher Grain-128. Our best result (a distinguisher on Grain-128 reduced to 237 rounds, out of 256) was achieved after a computation involving 2^54 clockings of Grain-128, with a 256×32 parallelization. An extrapolation of our results with standard methods suggests the possibility of a distinguishing attack on the full Grain-128 in time 2^83, which is well below the 2^128 complexity of exhaustive search. We also describe the method used for finding good cubes (a simple evolutionary algorithm), and report preliminary results on Grain-v1 obtained with a bitsliced C implementation.
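The abstract refers to cube testers without spelling out the mechanism. The following is an added illustration, not code from the paper or from the authors: it sums a black-box output bit over a "cube" of IV bits and runs a balance test on the resulting superpoly. The cipher stand-in `toy_low_degree` is a constructed degree-3 Boolean function, not Grain-128, and `random_oracle` (one SHA-256 bit) is the ideal reference; the cube indices, key width and key count are arbitrary choices for the demonstration. The real testers on Grain-128 use far larger cubes and a hardware implementation, as the abstract states, but the property being tested is the same.

```python
import hashlib
import itertools
import random


def cube_sum(f, key, cube):
    """XOR f(key, iv) over all 2^|cube| assignments of the IV bits listed in
    `cube`; every IV bit outside the cube is held at 0. The result is the
    cube's superpoly evaluated at `key`."""
    acc = 0
    for bits in itertools.product((0, 1), repeat=len(cube)):
        iv = 0
        for idx, b in zip(cube, bits):
            iv |= b << idx
        acc ^= f(key, iv)
    return acc


def toy_low_degree(key, iv):
    """Constructed stand-in for a cipher output bit: degree 3 in the IV bits
    (x0*x1*x2 is the highest-degree IV monomial). Not Grain-128."""
    x = lambda i: (iv >> i) & 1
    k = lambda i: (key >> i) & 1
    return (x(0) & x(1) & x(2)) ^ (k(0) & x(3)) ^ (x(4) & x(5) & k(1) & k(2)) ^ k(3)


def random_oracle(key, iv):
    """Ideal reference: one output bit of SHA-256(key || iv), which should
    show no cube structure at all. Key and IV are treated as 32-bit values."""
    h = hashlib.sha256(key.to_bytes(4, "big") + iv.to_bytes(4, "big")).digest()
    return h[0] & 1


def balance_test(f, cube, n_keys, seed=0):
    """Balance tester: evaluate the superpoly on n_keys random 32-bit keys and
    return the fraction of ones. A random function gives about 0.5; a
    superpoly that is constant (always 0 or always 1) is a distinguisher."""
    rng = random.Random(seed)
    ones = sum(cube_sum(f, rng.getrandbits(32), cube) for _ in range(n_keys))
    return ones / n_keys


if __name__ == "__main__":
    # A cube of dimension 3 hits the x0*x1*x2 monomial, so the superpoly is the
    # constant 1; a cube of dimension 4 exceeds the IV degree, so it is 0.
    # The SHA-256 reference stays near 0.5 for both cubes.
    for name, f in (("toy", toy_low_degree), ("random", random_oracle)):
        for cube in ([0, 1, 2], [0, 1, 2, 3]):
            print(name, cube, balance_test(f, cube, 200))
```

The two toy outcomes are the two properties a cube tester looks for: a cube larger than the algebraic degree in the IV bits forces every superpoly to zero, and a cube that exactly matches a top-degree monomial yields a constant. Either is detectable with a handful of random keys, whereas the SHA-256 reference shows no bias; the cost is 2^|cube| evaluations per key, which is why the FPGA parallelization matters for the cube sizes used against Grain-128.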

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Keywords
stream cipher, FPGA, cube tester, cube attack
Contact author(s)
jeanphilippe aumasson @ gmail com
History
2009-05-27: revised
2009-05-26: received
Short URL
https://ia.cr/2009/218
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2009/218,
      author = {Jean-Philippe Aumasson and Itai Dinur and Luca Henzen and Willi Meier and Adi Shamir},
      title = {Efficient FPGA Implementations of High-Dimensional Cube Testers on the Stream Cipher Grain-128},
      howpublished = {Cryptology ePrint Archive, Paper 2009/218},
      year = {2009},
      note = {\url{https://eprint.iacr.org/2009/218}},
      url = {https://eprint.iacr.org/2009/218}
}