Abstract
Weaknesses in the Grain-128AEAD key re-introduction, as part of the
cipher initialization, are analyzed and discussed. We consider and analyze
several possible alternatives for key re-introduction and identify weaknesses, or potential weaknesses, in them. Our results show that it seems
favorable to separate the state initialization, the key re-introduction, and
the A/R register initialization into three separate phases. Based on this,
we propose a new cipher initialization and update the cipher version to
Grain-128AEADv2. It can be noted that previously reported and published analysis of the initialization remains valid also for this new versi
cipher initialization, are analyzed and discussed. We consider and analyze
several possible alternatives for key re-introduction and identify weaknesses, or potential weaknesses, in them. Our results show that it seems
favorable to separate the state initialization, the key re-introduction, and
the A/R register initialization into three separate phases. Based on this,
we propose a new cipher initialization and update the cipher version to
Grain-128AEADv2. It can be noted that previously reported and published analysis of the initialization remains valid also for this new versi
| Original language | English |
|---|---|
| Publisher | ARMGHM / NIST - CNRS |
| Publication status | Published - 2021 |
Subject classification (UKÄ)
- Computer Sciences