Abstract |
---|
Sprout is a new lightweight stream cipher proposed at FSE 2015. According to its designers, Sprout can resist time-memory-data trade-off (TMDTO) attacks with a small internal state size. However, we find a weakness in the updating functions of Sprout and propose related-key chosen-IV distinguishing attacks on full Sprout. Under the related-key setting, our attacks enable the adversary to detect non-randomness on full 320-round Sprout with a practical complexity of ~O(2^4) and to find collisions in 256 output bits of full Sprout with a complexity of ~O(2^7). Furthermore, when considering possible remedies, we find that modifying only the updating functions and the output function seems unlikely to equip Sprout with better resistance against this kind of distinguisher. Therefore, it is necessary for the designers to make structural modifications. |
Year | Venue | Field |
---|---|---|
2015 | IACR Cryptology ePrint Archive | Computer security, Computer science, Theoretical computer science, Stream cipher, Adversary, Distinguishing attack |

DocType | Volume | Citations |
---|---|---|
Journal | 2015 | 4 |

PageRank | References | Authors |
---|---|---|
0.50 | 12 | 1 |
Name | Order | Citations | PageRank |
---|---|---|---|
Yonglin Hao | 1 | 5 | 1.87 |