Tight Security Bounds for Generic Stream Cipher Constructions

@article{Hamann2019TightSB,
  title={Tight Security Bounds for Generic Stream Cipher Constructions},
  author={Matthias Hamann and Matthias Krause},
  journal={IACR Cryptol. ePrint Arch.},
  year={2019},
  volume={2019},
  pages={7}
}
The design of modern stream ciphers is strongly influenced by the fact that Time-Memory-Data tradeoff (TMD-TO) attacks reduce their effective key length to half of the inner state length. The classical solution is to design the cipher in accordance with the Large-State-Small-Key principle, which implies that the state length is at least twice as large as the session key length. In lightweight cryptography, considering heavily resource-constrained devices, a large amount of inner state cells is… 
The DRACO Stream Cipher: A Power-efficient Small-state Stream Cipher with Full Provable Security against TMDTO Attacks
TLDR
A proof that CIVK provides full security with regard to the volatile internal state length against distinguishing attacks is presented, which makes Draco a suitable cipher choice for ultra-lightweight devices like RFID tags.
On designing secure small-state stream ciphers against time-memory-data tradeoff attacks
TLDR
To resolve this security threat, the current paper proposes constructions, based on storing key or IV bits, that are the first to provide full security against TMDTO attacks.

References

Design and analysis of small-state grain-like stream ciphers
TLDR
This paper provides generic distinguishers for Plantlet and Fruit with complexity significantly smaller than that of exhaustive key search, and proposes a new design idea for small-state stream ciphers, which might finally allow full security against TMD tradeoff attacks to be achieved.
On Lightweight Stream Ciphers with Shorter Internal States
To be resistant against certain time-memory-data-tradeoff (TMDTO) attacks, a common rule of thumb says that the internal state size of a stream cipher should be at least twice the security parameter.
Grain: a stream cipher for constrained environments
TLDR
A new stream cipher, Grain, is proposed, which targets hardware environments where gate count, power consumption and memory are very limited, and which has the additional feature that the speed can be increased at the expense of extra hardware.
On stream ciphers with provable beyond-the-birthday-bound security against time-memory-data tradeoff attacks
TLDR
The Lizard construction is proposed and analyzed, a new way to build stream ciphers that has an inner state length of only 121 bits and surpasses Grain v1, the most hardware-efficient member of the eSTREAM portfolio, in metrics important for lightweight ciphers such as chip area and power consumption.
Improved “exhaustive search” attacks on stream ciphers
TLDR
This paper draws attention to two attacks on stream cipher systems which, although their complexity grows exponentially with the size of the KG state, are more efficient than a simple-minded search through all possible KG states.
Cryptanalytic Time/Memory/Data Tradeoffs for Stream Ciphers
TLDR
This paper shows that a combination of the two approaches has an improved time/memory/data tradeoff for stream ciphers of the form TM²D² = N² for any D² ≤ T ≤ N.
New Constructions of MACs from (Tweakable) Block Ciphers
TLDR
The security bounds obtained are quite strong: they are beyond the birthday bound, and nonce-based/randomized variants provide graceful security degradation in case of misuse, i.e., the security bound degrades linearly with the maximal number of repetitions of nonces/random values.
LIZARD - A Lightweight Stream Cipher for Power-constrained Devices
TLDR
Lizard is presented, a lightweight stream cipher for power-constrained devices like passive RFID tags that offers provable (2/3)·n-security against TMD tradeoff attacks aiming at key recovery.
On designing secure small-state stream ciphers against time-memory-data tradeoff attacks
TLDR
To resolve this security threat, the current paper proposes constructions, based on storing key or IV bits, that are the first to provide full security against TMDTO attacks.
On Ciphers that Continuously Access the Non-Volatile Key
TLDR
This work focuses on the case where the key is stored in EEPROM and derives that some designs, judged by the impact on their throughput, are better suited to the approach of continuously reading the key from all types of non-volatile memory.