Fault analysis and weak key-IV attack on Sprout

5 years 6 months ago
Fault analysis and weak key-IV attack on Sprout
:- Armknecht and Mikhalev proposed a new stream cipher ‘Sprout’ based on the design specification of the stream cipher, Grain-128a. Sprout has shorter state size than Grain family with a round key function. The output of the round key function is XOR’ed with the feedback bit of the NFSR of the cipher. In this paper, we propose a new fault attack on Sprout by injecting a single bit fault after the key initialization phase at any arbitrary position of the NFSR of the cipher. By injecting a single bit fault, we recover the bits of the secret key of the cipher by observing the normal and faulty keystream bits at certain clockings of the cipher. By implementing the attack, we verify our result for one particular case. We also show that the Sprout generates same states for several rounds in key initialization phase for two different key-IV pairs, which proves that the key initialization round is having very poor period.
Dibyendu Roy, Sourav Mukhopadhyay
Added 03 Apr 2016
Updated 03 Apr 2016
Type Journal
Year 2016
Where IACR
Authors Dibyendu Roy, Sourav Mukhopadhyay
Comments (0)