Cryptanalysis of the Light-Weight Cipher A2U2

  • Mohamed Ahmed Abdelraheem
  • Julia Borghoff
  • Erik Zenner
  • Mathieu David
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7089)

Abstract

In recent years, light-weight cryptography has received a lot of attention. Many primitives suitable for resource-restricted hardware platforms have been proposed. In this paper, we present a cryptanalysis of the new stream cipher A2U2 presented at IEEE RFID 2011 [9], which has a key length of 56 bits. We start by disproving and then repairing an extremely efficient attack presented by Chai et al. [8], showing that A2U2 can be broken in less than a second in the chosen-plaintext case. We then turn our attention to the more challenging known-plaintext case and propose a number of attacks. A guess-and-determine approach combined with algebraic cryptanalysis yields an attack that requires about 2^49 internal guesses. We also show how to determine the 5-bit counter key and how to reconstruct the 56-bit key in about 2^38 steps if the attacker can freely choose the IV. Furthermore, we investigate the possibility of exploiting the knowledge of a "noisy keystream" by solving a Max-PoSSo problem. We conclude that the cipher needs to be repaired and point out a number of simple measures that would prevent the above attacks.

Keywords

Equation System, Block Cipher, Polynomial System, Stream Cipher, Plaintext Attack

References

  1. Abdelraheem, M.A., Blondeau, C., Naya-Plasencia, M., Videau, M., Zenner, E.: Cryptanalysis of ARMADILLO2. In: Lee, D.H. (ed.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 308–326. Springer, Heidelberg (2011)
  2. Albrecht, M., Cid, C.: Cold boot key recovery by solving polynomial systems with noise. IACR eprint (2011), http://eprint.iacr.org/2011/038.pdf
  3. Badel, S., Dağtekin, N., Nakahara Jr., J., Ouafi, K., Reffé, N., Sepehrdad, P., Sušil, P., Vaudenay, S.: ARMADILLO: a Multi-Purpose Cryptographic Primitive Dedicated to Hardware. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 398–412. Springer, Heidelberg (2010)
  4. Bogdanov, A.A., Knudsen, L.R., Leander, G., Paar, C., Poschmann, A., Robshaw, M.J.B., Seurin, Y., Vikkelsoe, C.: PRESENT: An Ultra-Lightweight Block Cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 450–466. Springer, Heidelberg (2007)
  5. Bogdanov, A., Rechberger, C.: A 3-Subset Meet-in-the-Middle Attack: Cryptanalysis of the Lightweight Block Cipher KTANTAN. In: Biryukov, A., Gong, G., Stinson, D.R. (eds.) SAC 2010. LNCS, vol. 6544, pp. 229–240. Springer, Heidelberg (2011)
  6. Borghoff, J., Knudsen, L.R., Stolpe, M.: Bivium as a Mixed-Integer Linear Programming Problem. In: Parker, M.G. (ed.) Cryptography and Coding 2009. LNCS, vol. 5921, pp. 133–152. Springer, Heidelberg (2009)
  7. De Cannière, C., Dunkelman, O., Knežević, M.: KATAN and KTANTAN - a Family of Small and Efficient Hardware-Oriented Block Ciphers. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 272–288. Springer, Heidelberg (2009)
  8. Chai, Q., Fan, X., Gong, G.: An ultra-efficient key recovery attack on the lightweight stream cipher A2U2 (2011), http://eprint.iacr.org/2011/247. Version published: 20110518:133751 (posted May 18, 2011 13:37:51 UTC)
  9. David, M., Ranasinghe, D.C., Larsen, T.: A2U2: A stream cipher for printed electronics RFID tags. In: Proc. IEEE RFID 2011, pp. 240–247 (to appear, 2011)
  10. EPC Global: EPC Class 1 Generation 2 UHF Air Interface Protocol Standard Gen 2 (2008)
  11. ISO/IEC 14443-2 Standard: Identification cards - Contactless integrated circuit cards - Proximity cards - Part 2: Radio frequency power and signal interface (2010)
  12. Knudsen, L., Leander, G., Poschmann, A., Robshaw, M.J.B.: PRINTcipher: A Block Cipher for IC-Printing. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 16–32. Springer, Heidelberg (2010)
  13. Leander, G., Abdelraheem, M.A., AlKhzaimi, H., Zenner, E.: A Cryptanalysis of PRINTcipher: The Invariant Subspace Attack. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 206–221. Springer, Heidelberg (2011)
  14. Leander, G., Abdelraheem, M.A., AlKhzaimi, H., Zenner, E.: A Cryptanalysis of PRINTcipher: The Invariant Subspace Attack. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 206–221. Springer, Heidelberg (2011)
  15. Rogaway, P.: Nonce-Based Symmetric Encryption. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 348–359. Springer, Heidelberg (2004)

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Mohamed Ahmed Abdelraheem (1)
  • Julia Borghoff (1)
  • Erik Zenner (2)
  • Mathieu David (3)
  1. Technical University of Denmark, Denmark
  2. University of Applied Sciences Offenburg, Germany
  3. Aalborg University, Denmark