Cryptology ePrint Archive: Report 2011/707

Cryptanalysis of The Atmel Cipher in SecureMemory, CryptoMemory and CryptoRF

Alex Biryukov and Ilya Kizhvatov and Bin Zhang

Abstract: SecureMemory (SM), CryptoMemory (CM) and CryptoRF (CR) are the Atmel chip families with wide applications in practice. They implement a proprietary stream cipher, which we call the Atmel cipher, to provide authenticity, confidentiality and integrity. At CCS'2010, it was shown that given $1$ keystream frame, the secret key in SM protected by the simple version of the cipher can be recovered in $2^{39.4}$ cipher ticks and if $2640$ keystream frames are available, the secret key in CM guarded by the more complex version of the cipher can be restored in $2^{58}$ cipher ticks. In this paper, we show much more efficient and practical attacks on both versions of the Atmel cipher. The idea is to dynamically reconstruct the internal state of the underlying register by exploiting the different diffusion speeds of the different cells. For SM, we can recover the secret key in $2^{29.8}$ cipher ticks given $1$ keystream frame; for CM, we can recover the secret key in $2^{50}$ cipher ticks with around $24$ frames. Practical implementation of the full attack confirms our results.

Category / Keywords: secret-key cryptography / Stream ciphers, RFID, Frame,SecureMemory,CryptoMemory

Publication Info: 9th International Conference on Applied Cryptography and Network Security-ACNS 2011, Springer-Verlag, LNCS vol. 6715, pp. 91-109

Date: received 27 Dec 2011

Contact author: martin_zhangbin at yahoo com cn

Available formats: Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation

Version: 20111231:153626 (All versions of this report)

Discussion forum: Show discussion | Start new discussion