Paper 2008/166

Algebraic Attacks on the Crypto-1 Stream Cipher in MiFare Classic and Oyster Cards

Nicolas T. Courtois, Karsten Nohl, and Sean O'Neil

Abstract

MiFare Crypto 1 is a lightweight stream cipher used in London's Oyster card, Netherland's OV-Chipcard, US Boston's CharlieCard, and in numerous wireless access control and ticketing systems worldwide. Recently, researchers have been able to recover this algorithm by reverse engineering. We have examined MiFare from the point of view of the so called "algebraic attacks". We can recover the full 48-bit key of MiFare algorithm in 200 seconds on a PC, given 1 known IV (from one single encryption). The security of this cipher is therefore close to zero. This is particularly shocking, given the fact that, according to the Dutch press, 1 billion of MiFare Classic chips are used worldwide, including in many governmental security systems.

Metadata
Available format(s)
PDF PS
Category
Secret-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Keywords
Mifare Crypto 1 algorithmstream ciphersalgebraic cryptanalysisBoolean functionsGröbner basesSAT solvers
Contact author(s)
n courtois @ ucl ac uk
History
2008-04-14: revised
2008-04-14: received
See all versions
Short URL
https://ia.cr/2008/166
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2008/166,
      author = {Nicolas T.  Courtois and Karsten Nohl and Sean O'Neil},
      title = {Algebraic Attacks on the Crypto-1 Stream Cipher in MiFare Classic and Oyster Cards},
      howpublished = {Cryptology ePrint Archive, Paper 2008/166},
      year = {2008},
      note = {\url{https://eprint.iacr.org/2008/166}},
      url = {https://eprint.iacr.org/2008/166}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.