Some cryptanalytic results on Lizard

Authors

  • Subhadeep Banik Security and Cryptography Laboratory (LASEC), École Polytechnique Fédérale de Lausanne, Switzerland; Cryptanalysis Taskforce, Nanyang Technological University, Singapore
  • Takanori Isobe University of Hyogo, Hyogo, Japan
  • Tingting Cui Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education,Shandong University, Shandong, China;Cryptanalysis Taskforce, Nanyang Technological University, Singapore, Singapore
  • Jian Guo Cryptanalysis Taskforce, Nanyang Technological University, Singapore, Singapore

DOI:

https://doi.org/10.13154/tosc.v2017.i4.82-98

Keywords:

Grain v1, Lizard, Stream Cipher

Abstract

Lizard is a lightweight stream cipher proposed by Hamann, Krause and Meier in IACR ToSC 2017. It has a Grain-like structure with two state registers of size 90 and 31 bits. The cipher uses a 120-bit secret key and a 64-bit IV. The authors claim that Lizard provides 80-bit security against key recovery attacks and a 60-bit security against distinguishing attacks. In this paper, we present an assortment of results and observations on Lizard. First, we show that by doing 258 random trials it is possible to find a set of 264 triplets (K, IV0, IV1) such that the Key-IV pairs (K, IV0) and (K, IV1) produce identical keystream bits. Second, we show that by performing only around 228 random trials it is possible to obtain 264 Key-IV pairs (K0, IV0) and (K1, IV1) that produce identical keystream bits. Thereafter, we show that one can construct a distinguisher for Lizard based on IVs that produce shifted keystream sequences. The process takes around 251.5 random IV encryptions (with encryption required to produce 218 keystream bits) and around 276.6 bits of memory. Next, we propose a key recovery attack on a version of Lizard with the number of initialization rounds reduced to 223 (out of 256) based on IV collisions. We then outline a method to extend our attack to 226 rounds. Our results do not affect the security claims of the designers.

Published

2017-12-15

Issue

Section

Articles

How to Cite

Some cryptanalytic results on Lizard. (2017). IACR Transactions on Symmetric Cryptology, 2017(4), 82-98. https://doi.org/10.13154/tosc.v2017.i4.82-98