Sprout is a new lightweight stream cipher proposed at FSE 2015.
According to its designers, Sprout can resist time-memory-data trade-off (TMDTO) attacks with small internal state size.
However, we find a weakness in the updating functions of Sprout and propose a related-key chosen-IV distinguishing attack on full Sprout.
Our attack enables the adversary to detect non-randomness in full 320-round Sprout with a practical complexity (no more than $2^{20}$ key-IV pairs).