Paper 2013/421
Light-weight primitive, feather-weight security? A cryptanalytic knock-out. (Preliminary results)
Valentina Banciu, Simon Hoerder, and Dan Page
Abstract
In [12], the authors present a new light-weight cryptographic primitive which supports an associated RFID-based authentication protocol. The primitive has some structural similarities to AES, but is presented as a keyed one-way function using a 128-bit key. Although a security analysis is included, this is at a high-level only. To provide a more concrete idea as to the security of this primitive, we therefore make three contributions: first, a structural attack requiring $O(2^{5})$ plaintext/ciphertext pairs (and hence effort online) plus $O(2^{21})$ effort offline, second an algebraic attack on round reduced versions of the primitive which requires only a single plaintext/ciphertext pair, and, third debunk the claimed attack of [36] on the same primitive as wishful thinking. Our structural attack completely breaks the primitive and the algebraic attack highlights a crucial weakness of the primitive: we conclude that although one can consider countermeasures against these specific attacks, the design in general is questionable and should therefore be avoided.
Note: Updated performance figures, minor editorial edits.
Metadata
- Available format(s)
- Category
- Secret-key cryptography
- Publication info
- Published elsewhere. submitted to a conference
- Keywords
- Light-weight block cipherstructural attackalgebraic attackRFID authentication
- Contact author(s)
- hoerder @ cs bris ac uk
- History
- 2013-07-03: revised
- 2013-07-02: received
- See all versions
- Short URL
- https://ia.cr/2013/421
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2013/421, author = {Valentina Banciu and Simon Hoerder and Dan Page}, title = {Light-weight primitive, feather-weight security? A cryptanalytic knock-out. (Preliminary results)}, howpublished = {Cryptology {ePrint} Archive, Paper 2013/421}, year = {2013}, url = {https://eprint.iacr.org/2013/421} }