Grain (cipher)

Encyclopedia : G : GR : GRA : Grain (cipher)

Grain is a stream cipher designed for restricted hardware environments and submitted to eSTREAM in 2004 by Martin Hell, Thomas Johansson and Willi Meier. It has been selected as Phase 2 Focus Candidate for Profile 2 by the eSTREAM project.

An output stream of unlimited length is produced from an 80-bit key and 64-bit IV. The internal state is 160 bits: an 80-bit LFSR, and an 80-bit NFSR. In each round, a tap from the NFSR and four from the LFSR are combined by a nonlinear combining function to produce a bit, which is exclusive ored with another tap from the NFSR to produce an output bit. A bit from the LFSR is also fed into the NFSR and both are clocked. The LFSR guarantees that Grain has a period of at least 2⁸⁰ -1.

The cipher is designed to allow up to 16 such steps to be carried out in parallel, allowing faster implementations at the cost of greater hardware use.

The first version of Grain (now known as "Grain V0" Martin Hell, Thomas Johansson and Willi Meier, [Grain - A Stream Cipher for Constrained Environments] PDF) fell to cryptanalysis; the best attack currently known Côme Berbain, Henri Gilbert and Alexander Maximov, [Cryptanalysis of Grain] PDF requires 2⁴³ steps and 2³⁸ bits of keystream to recover the key. In response to this attack (and an earlier attack Shahram Khazaei, Mehdi Hassanzadeh and Mohammad Kiaei, [Distinguishing Attack on Grain] PDF) the designers have proposed a new version of the cipher, which they term "Grain V1" Martin Hell, Thomas Johansson and Willi Meier, [Grain - A Stream Cipher for Constrained Environments] PDF.

References