Cryptology ePrint Archive: Report 2013/421

Light-weight primitive, feather-weight security? A cryptanalytic knock-out. (Preliminary results)

Valentina Banciu and Simon Hoerder and Dan Page

Abstract: In [12], the authors present a new light-weight cryptographic primitive which supports an associated RFID-based authentication protocol. The primitive has some structural similarities to AES, but is presented as a keyed one-way function using a 128-bit key. Although a security analysis is included, this is at a high-level only. To provide a more concrete idea as to the security of this primitive, we therefore make three contributions: first, a structural attack requiring $O(2^{5})$ plaintext/ciphertext pairs (and hence effort online) plus $O(2^{21})$ effort offline, second an algebraic attack on round reduced versions of the primitive which requires only a single plaintext/ciphertext pair, and, third debunk the claimed attack of [36] on the same primitive as wishful thinking. Our structural attack completely breaks the primitive and the algebraic attack highlights a crucial weakness of the primitive: we conclude that although one can consider countermeasures against these specific attacks, the design in general is questionable and should therefore be avoided.

Category / Keywords: secret-key cryptography / Light-weight block cipher, structural attack, algebraic attack, RFID authentication

Publication Info: submitted to a conference

Date: received 27 Jun 2013, last revised 3 Jul 2013

Contact author: hoerder at cs bris ac uk

Available format(s): PDF | BibTeX Citation

Note: Updated performance figures, minor editorial edits.

Version: 20130703:075727 (All versions of this report)

Short URL: ia.cr/2013/421

Discussion forum: Show discussion | Start new discussion