hashcat / hashcat

World's fastest and most advanced password recovery utility
https://hashcat.net/hashcat/

Support for Grain 128a known-plaintext attack #1168

Open iceman1001 opened 7 years ago

iceman1001 commented 7 years ago

To implement a kernel for a generic Grain 128a plaintext attack.

take input  [known plaintext : encrypted text] (PT:CT)
compare result bytes with specified user known-plaintext
---if match, log result,
repeat

Haven't found a naive implementation.

Background: The stream cipher Grain 128a uses a key (128-bit) and an IV (96-bit), and outputs a 32-bit MAC. The Legic Advant tags use the newer Grain 128a.

Grain 128a (with test vectors in appendix), tips and suggestions on optimisation: https://lup.lub.lu.se/search/ws/files/3454246/2296485.pdf

Wiki: https://en.wikipedia.org/wiki/Grain_128a

Another paper that also explains the cipher: http://ws680.nist.gov/publication/get_pdf.cfm?pub_id=913678

jsteube commented 7 years ago

The most important question: Where is it used?

magnumripper commented 7 years ago

http://www.legic.com/en/products-and-services/507894/applications.html

http://www.legic.com/en/products-and-services/smartcard-ic-s/507936/advant-on-credit-card.html

iceman1001 commented 7 years ago

Well, http://www.legic.com/en/1093628/atc256-atc1024.html further down this page, you see where it is used.

Explorer1092 commented 7 years ago

I am also concerned about this issue; Legic card use is very extensive. The realization of this algorithm would be a great help for the security aspects of RFID.