Security Analysis of Fountain V1

This paper analyses the security of the lightweight cryptographic algorithm Fountain (V1), which is a candidate in the current NIST competition for such ciphers. We examine the Boolean functions used in Fountain for state update and output. We show that correlations exist between S-box functions and some register stages that may lead to correlation attacks if certain update functions are detectable. We also show that the state update function avoids state convergence in any phase of cipher operation, but state collisions may be forced in one bit position, for select states, by manipulating the associated data or plaintext.