Abstract
The stream cipher A2U2 proposed by David et al. [7] is one of lightweight cipher primitives. In this paper we present a real-time key recovery attack on A2U2 under the known-plaintext-attack model, which only needs at most 210 consecutive ciphertext bits and its corresponding plaintext with the time complexity about 224.7. Our result is much better than that of the attack proposed by M. Abdelraheem et al. in [9] whose complexity is O(249×C), where C is the complexity of solving a sparse quadratic equation system on 56 unknown key bits. Furthermore we provide a new approach to solving the above sparse quadratic equation system, which reduces the complexity C to a very small constant. Finally we do an entire experiment on a PC and recover all bits of a random key in a few seconds.
This work was supported by the Natural Science Foundation of China (Grant No. 60833008, 60902024, 61121062), the 973 Program (Grant No.2007CB807902, 2011CB302401) and Foundation of President of the Chinese Academy of Sciences (Grant No. 50Y24103900).
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Finkenzeller, K.: Introduction. In: RFID Handbook: Fundamentals and Applications in Contactless Smart Cards, Radio Frequency Identification and Near-Field Communication, 3rd edn., ch. 1 (2010)
Bogdanov, A., Knudsen, L.R., Leander, G., Paar, C., Poschmann, A., Robshaw, M., Seurin, Y., Vikkelsoe, C.: PRESENT: An Ultra-Lightweight Block Cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 450–466. Springer, Heidelberg (2007)
De Cannière, C., Dunkelman, O., Knežević, M.: KATAN and KTANTAN — A Family of Small and Efficient Hardware-Oriented Block Ciphers. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 272–288. Springer, Heidelberg (2009)
Engels, D., Fan, X., Gong, G., Hu, H., Smith, E.M.: Hummingbird: Ultra-Lightweight Cryptography for Resource-Constrained Devices. In: Sion, R., Curtmola, R., Dietrich, S., Kiayias, A., Miret, J.M., Sako, K., Sebé, F. (eds.) FC 2010 Workshops. LNCS, vol. 6054, pp. 3–18. Springer, Heidelberg (2010)
Knudsen, L., Leander, G., Poschmann, A., Robshaw, M.J.B.: PRINTcipher: A Block Cipher for IC-Printing. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 16–32. Springer, Heidelberg (2010)
Hell, M., Johansson, T., Meier, W.: Grain: a stream cipher for constrained environments. International Journal of Wireless and Mobile Computing 2(1), 86–93 (2007)
David, M., Ranasinghe, D.C., Larsen, T.: A2U2: a stream cipher for printed electronics RFID tags. In: IEEE International Conference on RFID 2011, pp. 173–183 (2011)
Chai, Q., Fan, X., Gong, G.: An Ultra-Efficient Key Recovery Attack on the Lightweight Stream Cipher A2U2, IACR Cryptology ePrint Archive, p. 247 (2011)
Abdelraheem, M.A., Borghoff, J., Zenner, E., David, M.: Cryptanalysis of the Light-Weight Cipher A2U2. In: Chen, L. (ed.) Cryptography and Coding 2011. LNCS, vol. 7089, pp. 375–390. Springer, Heidelberg (2011)
Coppersmith, D., Krawczyk, H., Mansour, Y.: The Shrinking Generator. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 22–39. Springer, Heidelberg (1994)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Shi, Z., Feng, X., Feng, D., Wu, C. (2012). A Real-Time Key Recovery Attack on the Lightweight Stream Cipher A2U2. In: Pieprzyk, J., Sadeghi, AR., Manulis, M. (eds) Cryptology and Network Security. CANS 2012. Lecture Notes in Computer Science, vol 7712. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-35404-5_2
Download citation
DOI: https://doi.org/10.1007/978-3-642-35404-5_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-35403-8
Online ISBN: 978-3-642-35404-5
eBook Packages: Computer ScienceComputer Science (R0)