Paper 2011/247

An Ultra-Efficient Key Recovery Attack on the Lightweight Stream Cipher A2U2

Qi Chai, Xinxin Fan, and Guang Gong

Abstract

In this letter we report on an ultra-efficient key recovery attack under the chosen-plaintext-attack model against the stream cipher A2U2, which is the most lightweight cryptographic primitive (i.e., it costs only 284 GE in hardware implementation) proposed so far for low-cost Radio Frequency Identification (RFID) tags. Our attack can fully recover the secret key of the A2U2 cipher by only querying the A2U2 encryption twice on the victim tag and solving 32 sparse systems of linear equations (where each system has 56 unknowns and around 28 unknowns can be directly obtained without computation) in the worst case, which takes around 0.16 second on a Thinkpad T410 laptop.

Metadata
Available format(s)
PDF
Publication info
Published elsewhere. Unknown where it was published
Keywords
Stream Cipher, Key Recovery, RFID
Contact author(s)
q3chai @ engmail uwaterloo ca
History
2011-05-26: last of 3 revisions
2011-05-18: received
Short URL
https://ia.cr/2011/247
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2011/247,
      author = {Qi Chai and Xinxin Fan and Guang Gong},
      title = {An Ultra-Efficient Key Recovery Attack on the Lightweight Stream Cipher {A2U2}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2011/247},
      year = {2011},
      url = {https://eprint.iacr.org/2011/247}
}