TY - GEN
T1 - An experimentally verified attack on full Grain-128 using dedicated reconfigurable hardware
AU - Dinur, Itai
AU - Güneysu, Tim
AU - Paar, Christof
AU - Shamir, Adi
AU - Zimmermann, Ralf
PY - 2011/12/12
Y1 - 2011/12/12
N2 - In this paper we describe the first single-key attack which can recover the full key of the full version of Grain-128 for arbitrary keys by an algorithm which is significantly faster than exhaustive search (by a factor of about 2^38). It is based on a new version of a cube tester, which uses an improved choice of dynamic variables to eliminate the previously made assumption that ten particular key bits are zero. In addition, the new attack is much faster than the previous weak-key attack, and has a simpler key recovery process. Since it is extremely difficult to mathematically analyze the expected behavior of such attacks, we implemented it on RIVYERA, which is a new massively parallel reconfigurable hardware, and tested its main components for dozens of random keys. These tests experimentally verified the correctness and expected complexity of the attack, by finding a very significant bias in our new cube tester for about 7.5% of the keys we tested. This is the first time that the main components of a complex analytical attack are successfully realized against a full-size cipher with a special-purpose machine. Moreover, it is also the first attack that truly exploits the configurable nature of an FPGA-based cryptanalytical hardware.
AB - In this paper we describe the first single-key attack which can recover the full key of the full version of Grain-128 for arbitrary keys by an algorithm which is significantly faster than exhaustive search (by a factor of about 2^38). It is based on a new version of a cube tester, which uses an improved choice of dynamic variables to eliminate the previously made assumption that ten particular key bits are zero. In addition, the new attack is much faster than the previous weak-key attack, and has a simpler key recovery process. Since it is extremely difficult to mathematically analyze the expected behavior of such attacks, we implemented it on RIVYERA, which is a new massively parallel reconfigurable hardware, and tested its main components for dozens of random keys. These tests experimentally verified the correctness and expected complexity of the attack, by finding a very significant bias in our new cube tester for about 7.5% of the keys we tested. This is the first time that the main components of a complex analytical attack are successfully realized against a full-size cipher with a special-purpose machine. Moreover, it is also the first attack that truly exploits the configurable nature of an FPGA-based cryptanalytical hardware.
KW - Grain-128
KW - RIVYERA
KW - cryptanalysis
KW - cube attacks
KW - cube testers
KW - experimental verification
KW - stream cipher
UR - http://www.scopus.com/inward/record.url?scp=82955184617&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-25385-0_18
DO - 10.1007/978-3-642-25385-0_18
M3 - Conference contribution
AN - SCOPUS:82955184617
SN - 9783642253843
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 327
EP - 343
BT - Advances in Cryptology, ASIACRYPT 2011 - 17th International Conference on the Theory and Application of Cryptology and Information Security, Proceedings
T2 - 17th International Conference on the Theory and Application of Cryptology and Information Security, ASIACRYPT 2011
Y2 - 4 December 2011 through 8 December 2011
ER -