1. Fast Near Collision Attack on the Grain v1 Stream Cipher 2018 Attacks Cryptanalysis Eurocrypt
    Bin Zhang, Chao Xu, and Willi Meier

    @misc{cryptoeprint:2018:145,
    author = {Bin Zhang and Chao Xu and Willi Meier},
    title = {Fast Near Collision Attack on the Grain v1 Stream Cipher},
    howpublished = {Cryptology ePrint Archive, Report 2018/145},
    year = {2018},
    note = {\url{https://eprint.iacr.org/2018/145}},
    }

Modern stream ciphers often adopt a large internal state to resist various attacks, where the cryptanalysts have to deal with a large number of variables when mounting state recovery attacks. In this paper, we propose a general new cryptanalytic method on stream ciphers, called fast near collision attack, to address this situation. It combines a near collision property with the divide-and-conquer strategy so that only subsets of the internal state, associated with different keystream vectors, are recovered first and merged carefully later to retrieve the full large internal state. A self-contained method is introduced and improved to derive the target subset of the internal state from the partial state difference efficiently. As an application, we propose a new key recovery attack on Grain v1, one of the 7 finalists selected by the eSTREAM project, in the single-key setting. Both the pre-computation and the online phases are tailored according to its internal structure, to provide an attack for any fixed IV in 2^75.7 cipher ticks after the pre-computation of 2^8.1 cipher ticks, given 2^28-bit memory and about 2^19 keystream bits. Practical experiments on Grain v1 itself whenever possible and on an 80-bit reduced version confirmed our results.
