Cryptology ePrint Archive: Report 2003/162

Cryptanalysis of the Alleged SecurID Hash Function

Alex Biryukov and Joseph Lano and Bart Preneel

Abstract: The SecurID hash function is used for authenticating users to a corporate computer infrastructure. We analyse an alleged implementation of this hash function. The block cipher at the heart of the function can be broken in few milliseconds on a PC with 70 adaptively chosen plaintexts. The 64-bit secret key of 10$\%$ of the cards can be discovered given two months of token outputs and $2^{48}$ analysis steps. A larger fraction of cards can be covered given more observation time.

Category / Keywords: secret-key cryptography / alleged SecurID, cryptanalysis, internal collision, vanishing differential

Publication Info: Updated version of a paper, which will appear in SAC'03 preproceedings

Date: received 8 Aug 2003, last revised 29 Oct 2003

Contact author: abiryuko at esat kuleuven ac be

Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation

Note: New attack on the full Alleged SecurID Hash Function.

Version: 20031029:123127 (All versions of this report)

Short URL: ia.cr/2003/162