Paper 2002/068
Improved key recovery of level 1 of the Bluetooth Encryption System
Scott Fluhrer
Abstract
The encryption system \(E_{0}\), which is the encryption system used in the Bluetooth specification, is a two level system where a key and a packet nonce is given to a level 1 key stream generator, which produces the key for a level 2 key stream generator, whose output is used to encrypt. We give a method for recovering the key for the level 1 key stream generator given the internal keys for two or three level 2 key stream generators. This method, combined with published methods for recovering keys for the level 2 key stream generator, can be used to recover the \(E_{0}\) second key with $O(2^{65})$ work, and $O(2^{80})$ precomputation time. Although this attack is of no advantage if \(E_{0}\) is used with the recommended security parameters (64 bit encryption key), it shows that no addition security would be made available by enlarging the encryption key, as discussed in the Bluetooth specification.
Note: This is a rough first draft. The exposition could be much improved, and I haven't bothered to define all the variables used within the algorithm (although they should be obvious). I intend to revise this shortly.
Metadata
- Available format(s)
- PS
- Category
- Secret-key cryptography
- Publication info
- Published elsewhere. Unknown where it was published
- Keywords
- Bluetooth E0 cryptanalysis
- Contact author(s)
- sfluhrer @ cisco com
- History
- 2002-06-03: received
- Short URL
- https://ia.cr/2002/068
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2002/068,
author = {Scott Fluhrer},
title = {Improved key recovery of level 1 of the Bluetooth Encryption System},
howpublished = {Cryptology ePrint Archive, Paper 2002/068},
year = {2002},
note = {\url{https://eprint.iacr.org/2002/068}},
url = {https://eprint.iacr.org/2002/068}
}
