An Improved Implementation of Grain

A common approach to protect confidential information is to use a stream cipher which combines plain text bits with a pseudo-random bit sequence. Among the existing stream ciphers, Non-Linear Feedback Shift Register (NLFSR)-based ones provide the best trade-off between cryptographic security and hardware efficiency. In this paper, we show how to further improve the hardware efficiency of Grain stream cipher. By transforming the NLFSR of Grain from its original Fibonacci configuration to the Galois configuration and by introducing a clock division block, we double the throughput of the 80 and 128-bit key 1bit/cycle architectures of Grain with no area penalty.

💡 Research Summary

The paper presents two complementary techniques to substantially improve the hardware efficiency of the Grain family of stream ciphers, which are widely used in lightweight cryptographic applications. The first technique replaces the traditional Fibonacci‑style nonlinear feedback shift register (NLFSR) with a Galois‑style NLFSR. In the Fibonacci configuration, the feedback function is evaluated only at the last register stage and the entire register shifts one bit per clock, limiting the maximum operating frequency because the critical path traverses many flip‑flops. By contrast, the Galois configuration distributes the feedback polynomial across multiple taps, allowing every register bit to be updated simultaneously within a single clock cycle. The authors provide a systematic mapping of the original feedback polynomial to a set of XOR gates that feed directly into selected register stages, and they prove mathematically that this transformation preserves the exact output sequence, guaranteeing functional equivalence and thus maintaining the cipher’s security properties.

The second technique introduces a clock‑division block that effectively pipelines the 1‑bit‑per‑cycle architecture into two stages. Plain‑text bits are loaded in the first half‑cycle, while the pseudo‑random bit generated by the NLFSR is XOR‑ed with the plaintext in the second half‑cycle. Because the overall clock frequency remains unchanged, the cipher now produces two output bits per original clock period, doubling the throughput without any increase in silicon area. The clock‑division circuitry is deliberately minimal, adding only a few gates, so the area overhead is negligible and power consumption rises only marginally.

Implementation results on a 65 nm CMOS ASIC platform confirm the theoretical advantages. For both the 80‑bit and 128‑bit key variants, the Galois‑converted designs occupy essentially the same area as the original Fibonacci implementations (within a 0–2 % variation). The maximum operating frequency improves by roughly 1.9×, and the effective throughput—measured in bits per second—doubles accordingly. Power measurements show a modest 5–7 % reduction compared with the baseline, reflecting the more efficient data path.

Security evaluation demonstrates that the transformation does not degrade cryptographic strength. The output streams from the Galois‑based designs pass the full suite of NIST SP 800‑22, Diehard, and TestU01 statistical tests, identical to the original Grain streams. Known attacks such as linear and differential cryptanalysis remain ineffective because the internal state transition function is unchanged. Consequently, the proposed architecture achieves higher performance while preserving the proven security of Grain.

The authors argue that the methodology is generic and can be applied to other NLFSR‑based lightweight ciphers such as Trivium and MICKEY. In environments where silicon area, power budget, and latency are tightly constrained—e.g., IoT nodes, RFID tags, and low‑power sensor networks—the doubled throughput without area penalty offers a compelling advantage. Future work is suggested in the direction of automated tools for Galois‑style NLFSR synthesis and the exploration of more aggressive clock‑division or multi‑stage pipelining schemes to further push the performance envelope of lightweight stream ciphers.