Cryptanalysis of the Light-Weight Cipher A2U2
In recent years, light-weight cryptography has received a lot of attention. Many primitives suitable for resource-restricted hardware platforms have been proposed. In this paper, we present a cryptanalysis of the new stream cipher A2U2, presented at IEEE RFID 2011, which has a key length of 56 bits. We start by disproving and then repairing an extremely efficient attack presented by Chai et al., showing that A2U2 can be broken in less than a second in the chosen-plaintext case. We then turn our attention to the more challenging known-plaintext case and propose a number of attacks. A guess-and-determine approach combined with algebraic cryptanalysis yields an attack that requires about 2^49 internal guesses. We also show how to determine the 5-bit counter key and how to reconstruct the 56-bit key in about 2^38 steps if the attacker can freely choose the IV. Furthermore, we investigate the possibility of exploiting the knowledge of a “noisy keystream” by solving a Max-PoSSo problem. We conclude that the cipher needs to be repaired and point out a number of simple measures that would prevent the above attacks.
Keywords: Equation System, Block Cipher, Polynomial System, Stream Cipher, Plaintext Attack
- 2. Albrecht, M., Cid, C.: Cold boot key recovery by solving polynomial systems with noise. IACR eprint (2011), http://eprint.iacr.org/2011/038.pdf
- 3. Badel, S., Dağtekin, N., Nakahara Jr., J., Ouafi, K., Reffé, N., Sepehrdad, P., Sušil, P., Vaudenay, S.: ARMADILLO: a Multi-Purpose Cryptographic Primitive Dedicated to Hardware. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 398–412. Springer, Heidelberg (2010)
- 8. Chai, Q., Fan, X., Gong, G.: An ultra-efficient key recovery attack on the lightweight stream cipher A2U2 (2011), http://eprint.iacr.org/2011/247 Version published: 20110518:133751 (posted May 18, 2011 13:37:51 UTC)
- 9. David, M., Ranasinghe, D.C., Larsen, T.: A2U2: A stream cipher for printed electronics RFID tags. In: Proc. IEEE RFID 2011, pp. 240–247 (to appear, 2011)
- 10. EPC Global. EPC Class 1 Generation 2 UHF Air Interface Protocol Standard Gen 2 (2008)
- 11. ISO/IEC 14443-2 Standard. Identification cards - Contactless integrated circuit cards - Proximity cards - Part 2: Radio frequency power and signal interface (2010)