Internal state recovery of Grain-v1 employing normality order of the filter function

Abstract

A novel technique for cryptanalysis of the stream cipher Grain-v1 is given. In a particular setting, the algorithms proposed in this study provide recovery of an internal state of Grain-v1 with the expected time complexity of only 2 54 table look-up operations employing a memory of dimension ∼2 70, assuming availability of 2 34 keystream sequences each of length 2 38 generated for different initial values, and the pre-processing time complexity of ∼2 88. These figures appear as significantly better in comparison with the previously reported ones. The proposed approach for cryptanalysis primarily depends on the order of normality of the employed Boolean function in Grain-v1. Accordingly, in addition to the security evaluation insights of Grain-v1, the results of this study are also an evidence of the cryptographic significance of the normality criteria of Boolean functions.