Cryptanalysis of Full Sprout

Abstract: A new method for reducing the internal state size of stream cipher registers has been proposed in FSE 2015, allowing to reduce the area in hardware implementations. Along with it, an instantiated proposal of a cipher was also proposed: Sprout. In this paper, we analyze the security of Sprout, and we propose an attack that recovers the whole key more than 2^10 times faster than exhaustive search and has very low data complexity. The attack can be seen as a divide-and-conquer evolved technique, that exploits the non-linear influence of the key bits on the update function. We have implemented the attack on a toy version of Sprout, that conserves the main properties exploited in the attack. The attack completely matches the expected complexities predicted by our theoretical cryptanalysis, which proves its validity. We believe that our attack shows that a more careful analysis should be done in order to instantiate the proposed design method.
Document type:
Conference paper
Advances in Cryptology - CRYPTO 2015 (Part I), Aug 2015, Santa Barbara, United States. Springer, 9215, pp.663-682, Lecture Notes in Computer Science. 〈http://www.iacr.org/conferences/crypto2015/〉

https://hal.inria.fr/hal-01237150
Contributor: Virginie Lallemand
Submitted on: Wednesday, December 2, 2015 - 18:00:26
Last modified on: Friday, May 25, 2018 - 12:02:05

Identifiers

  • HAL Id : hal-01237150, version 1

Citation

Virginie Lallemand, María Naya-Plasencia. Cryptanalysis of Full Sprout. Advances in Cryptology - CRYPTO 2015 (Part I), Aug 2015, Santa Barbara, United States. Springer, 9215, pp.663-682, Lecture Notes in Computer Science. 〈http://www.iacr.org/conferences/crypto2015/〉. 〈hal-01237150〉

Metrics

Record views

77