Paper 2015/062

Evaluation and Cryptanalysis of the Pandaka Lightweight Cipher

Yuval Yarom, Gefei Li, and Damith C. Ranasinghe

Abstract

There is a growing need for lightweight cryptographic primitives suited to the resource-constrained devices that are appearing in ever greater numbers in everyday life. Batteryless radio frequency identification (RFID) tags, used in applications ranging from automatic identification and monitoring to anti-counterfeiting, are a prime example. Pandaka is a lightweight cipher together with a protocol, proposed at INFOCOM 2014 for extremely resource-limited RFID tags. It is designed to reduce the hardware cost (silicon area) of implementing the cipher by shifting the computationally intensive task of cryptographically secure random number generation to the reader. In this paper we evaluate Pandaka and demonstrate that the communication protocol contains flaws which completely break the security of the cipher and make Pandaka susceptible to de-synchronisation. Furthermore, we show that, even without the protocol flaws, a guess-and-determine method yields an attack on the cipher in the more challenging known-plaintext scenario with an expected complexity of only $2^{55}$. We conclude that Pandaka needs to be amended and highlight simple measures to prevent the above attacks.
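To make the guess-and-determine method named in the abstract concrete, the following is an added example; it is not code from the paper and the toy generator it attacks is a constructed stand-in, not Pandaka's actual design. The attacker knows a plaintext/ciphertext pair, recovers the keystream words, guesses one 16-bit key word, determines the other three from the first three keystream equations, and uses the remaining keystream words as filters that reject wrong guesses. The names (`keystream`, `guess_and_determine`, `TRUE_KEY`, `PLAINTEXT`) and the key and plaintext values are all assumptions made for the illustration.

```python
"""Toy guess-and-determine attack in a known-plaintext model.

Constructed illustration only: the generator below is a hypothetical toy,
NOT the Pandaka cipher. Four 16-bit key words (64-bit key) feed five
keystream words built from XOR, modular addition and rotation.
"""
from typing import Dict, List, Tuple

W = 16                      # word width in bits
MASK = (1 << W) - 1

Key = Tuple[int, int, int, int]


def rotl(x: int, r: int) -> int:
    """Rotate a W-bit word left by r (0 <= r < W)."""
    return ((x << r) | (x >> (W - r))) & MASK


def rotr(x: int, r: int) -> int:
    """Rotate a W-bit word right by r."""
    return rotl(x, W - r)


def keystream(key: Key) -> List[int]:
    """Hypothetical toy generator: five keystream words from four key words."""
    k0, k1, k2, k3 = key
    return [
        k0 ^ k1,                       # z0: fixed by k0, k1
        (k1 + k2) & MASK,              # z1: fixed by k1, k2
        k2 ^ rotl(k3, 5),              # z2: fixed by k2, k3
        (k3 + rotl(k0, 3)) & MASK,     # z3: used as a check word
        ((k1 ^ k3) + k0) & MASK,       # z4: second check word
    ]


def encrypt(key: Key, words: List[int]) -> List[int]:
    """Stream-cipher style encryption: XOR plaintext words with the keystream."""
    return [p ^ z for p, z in zip(words, keystream(key))]


def recover_keystream(plaintext: List[int], ciphertext: List[int]) -> List[int]:
    """Known-plaintext step: the keystream is simply plaintext XOR ciphertext."""
    return [p ^ c for p, c in zip(plaintext, ciphertext)]


def guess_and_determine(z: List[int]) -> List[Key]:
    """Return every key consistent with keystream z, guessing only k0.

    Guess k0 (2**W possibilities), determine k1, k2, k3 from z0..z2 by
    inverting each equation, then keep the guess only if it also reproduces
    the check words z3 and z4. Work is 2**16 instead of 2**64 brute force.
    """
    candidates: List[Key] = []
    for g in range(1 << W):
        k1 = z[0] ^ g                       # from z0 = k0 ^ k1
        k2 = (z[1] - k1) & MASK             # from z1 = k1 + k2
        k3 = rotr(z[2] ^ k2, 5)             # from z2 = k2 ^ rotl(k3, 5)
        if (k3 + rotl(g, 3)) & MASK != z[3]:
            continue                        # z3 filters ~2**-16 of wrong guesses
        if ((k1 ^ k3) + g) & MASK != z[4]:
            continue                        # z4 filters another ~2**-16
        candidates.append((g, k1, k2, k3))
    return candidates


def attack_summary(plaintext: List[int], ciphertext: List[int]) -> Dict[str, object]:
    """Run the full known-plaintext attack and report cost and survivors."""
    z = recover_keystream(plaintext, ciphertext)
    cands = guess_and_determine(z)
    return {
        "guesses": 1 << W,                                   # work actually spent
        "brute_force": 1 << (4 * W),                         # naive key search
        "expected_false": 2.0 ** (W - 2 * W),                # 2^16 guesses * 2^-32 filter
        "candidates": cands,
    }


# Constructed sample data (assumed values, not from the paper).
TRUE_KEY: Key = (0x1234, 0xBEEF, 0x0042, 0xC0DE)
PLAINTEXT: List[int] = [0x4865, 0x6C6C, 0x6F20, 0x5246, 0x4944]   # "Hello RFID"


if __name__ == "__main__":
    ct = encrypt(TRUE_KEY, PLAINTEXT)
    result = attack_summary(PLAINTEXT, ct)
    print("guesses tried :", result["guesses"])
    print("brute force   :", result["brute_force"])
    print("candidate keys:", [tuple(hex(w) for w in k) for k in result["candidates"]])
```

The point the toy makes is the one behind any guess-and-determine estimate: the cost is set by the number of bits guessed, not the key length, provided each guess determines the rest of the state cheaply and enough keystream is known to filter wrong guesses. The real attack in the paper works on Pandaka's own structure and arrives at $2^{55}$; the toy only shows the shape of the argument.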

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Preprint. MINOR revision.
Keywords
Cryptanalysis, Lightweight Cipher, Guess and determine
Contact author(s)
yval @ cs adelaide edu au
History
2015-01-27: received
Short URL
https://ia.cr/2015/062
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2015/062,
      author = {Yuval Yarom and Gefei Li and Damith C. Ranasinghe},
      title = {Evaluation and Cryptanalysis of the Pandaka Lightweight Cipher},
      howpublished = {Cryptology {ePrint} Archive, Paper 2015/062},
      year = {2015},
      url = {https://eprint.iacr.org/2015/062}
}