Paper 2013/421

Light-weight primitive, feather-weight security? A cryptanalytic knock-out. (Preliminary results)

Valentina Banciu, Simon Hoerder, and Dan Page

Abstract

In [12], the authors present a new light-weight cryptographic primitive which supports an associated RFID-based authentication protocol. The primitive has some structural similarities to AES, but is presented as a keyed one-way function using a 128-bit key. Although a security analysis is included, this is at a high level only. To provide a more concrete idea as to the security of this primitive, we therefore make three contributions: first, a structural attack requiring $O(2^{5})$ plaintext/ciphertext pairs (and hence effort online) plus $O(2^{21})$ effort offline; second, an algebraic attack on round-reduced versions of the primitive which requires only a single plaintext/ciphertext pair; and third, we debunk the claimed attack of [36] on the same primitive as wishful thinking. Our structural attack completely breaks the primitive and the algebraic attack highlights a crucial weakness of the primitive: we conclude that although one can consider countermeasures against these specific attacks, the design in general is questionable and should therefore be avoided.

Note: Updated performance figures, minor editorial edits.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. Submitted to a conference
Keywords
Light-weight block cipher, structural attack, algebraic attack, RFID authentication
Contact author(s)
hoerder @ cs bris ac uk
History
2013-07-03: revised
2013-07-02: received
Short URL
https://ia.cr/2013/421
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2013/421,
      author = {Valentina Banciu and Simon Hoerder and Dan Page},
      title = {Light-weight primitive, feather-weight security? A cryptanalytic knock-out. (Preliminary results)},
      howpublished = {Cryptology {ePrint} Archive, Paper 2013/421},
      year = {2013},
      url = {https://eprint.iacr.org/2013/421}
}