Cryptanalysis of the Atmel Cipher in SecureMemory, CryptoMemory and CryptoRF

  • Alex Biryukov
  • Ilya Kizhvatov
  • Bin Zhang
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6715)


SecureMemory (SM), CryptoMemory (CM) and CryptoRF (CR) are the Atmel chip families with wide applications in practice. They implement a proprietary stream cipher, which we call the Atmel cipher, to provide authenticity, confidentiality and integrity. At CCS’2010, it was shown that given 1 keystream frame, the secret key in SM protected by the simple version of the cipher can be recovered in 239.4 cipher ticks and if 2640 keystream frames are available, the secret key in CM guarded by the more complex version of the cipher can be restored in 258 cipher ticks. In this paper, we show much more efficient and practical attacks on both versions of the Atmel cipher. The idea is to dynamically reconstruct the internal state of the underlying register by exploiting the different diffusion speeds of the different cells. For SM, we can recover the secret key in 229.8 cipher ticks given 1 keystream frame; for CM, we can recover the secret key in 250 cipher ticks with around 24 frames. Practical implementation of the full attack confirms our results.


Stream ciphers RFID Frame SecureMemory CryptoMemory 


  1. 1.
    Aerts, W., Biham, E., de Moitie, D., de Mulder, E., Dunkelman, O., Indesteege, S., Keller, N., Preneel, B., Vandenbosch, G., Verbauwhede, I.: A practical attack on KeeLoq. Journal of Cryptology (to appear)Google Scholar
  2. 2.
    Atmel. CryptoMemory specification, 5211A-SMIC-04/07 (2007)Google Scholar
  3. 3.
    Benhammou, J.P., Colnot, V.C., Moore, D.J.: Secure memory device for smart cards, US Patent 7395435 B2 (July 2008)Google Scholar
  4. 4.
    Benhammou, J.P., Jarboe, M.: Security at an affordable price. Atmel Applications Journal 3, 29–30 (2004)Google Scholar
  5. 5.
    Dinur, I., Shamir, A.: Cube Attacks on Tweakable Black Box Polynomials. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 278–299. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  6. 6.
    Dinur, I., Shamir, A.: Breaking Grain-128 with Dynamic Cube Attacks. In: Fast Software Encryption-FSE 2011. Springer, Heidelberg (2011) (to appear)Google Scholar
  7. 7.
    Dipert, B.: The Zune HD: more than an iPod touch wanna-be? EDN, p. 20 (October 2009)Google Scholar
  8. 8.
    Garcia, F.D., van Rossum, P., Verdult, R., Schreur, R.W.: Dismantling SecureMemory, CryptoMemory and CryptoRF. In: 17th ACM Conference on Computer and Communications Security-CCS 2010, pp. 250–259. ACM Press, New York (2010), Google Scholar
  9. 9.
    Garcia, F.D.: Private communicationGoogle Scholar
  10. 10.
    Jarboe, M.: Introduction to CryptoMemory. Atmel Applications Journal 3, 28 (2004)Google Scholar
  11. 11.
    Meier, W., Staffelbach, O.: Fast correlation attacks on certain stream ciphers. Journal of Cryptology, 159–176 (1989)Google Scholar
  12. 12.
  13. 13.
  14. 14.
    Viterbi, A.J.: Error bounds for convolutional codes and an asymptotically optimum decoding algorithm. IEEE Transactions on Information Theory 13(2), 260–269 (1967)CrossRefzbMATHGoogle Scholar
  15. 15.
    Amazon Elastic Compute Cloud (Amazon EC2), (accessed January 22, 2010)

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Alex Biryukov
    • 1
  • Ilya Kizhvatov
    • 1
  • Bin Zhang
    • 1
  1. 1.Faculty of Science, Technology and CommunicationUniversity of LuxembourgLuxembourg

Personalised recommendations