Paper 2011/707

Cryptanalysis of The Atmel Cipher in SecureMemory, CryptoMemory and CryptoRF

Alex Biryukov, Ilya Kizhvatov, and Bin Zhang


SecureMemory (SM), CryptoMemory (CM) and CryptoRF (CR) are the Atmel chip families with wide applications in practice. They implement a proprietary stream cipher, which we call the Atmel cipher, to provide authenticity, confidentiality and integrity. At CCS'2010, it was shown that given $1$ keystream frame, the secret key in SM protected by the simple version of the cipher can be recovered in $2^{39.4}$ cipher ticks and if $2640$ keystream frames are available, the secret key in CM guarded by the more complex version of the cipher can be restored in $2^{58}$ cipher ticks. In this paper, we show much more efficient and practical attacks on both versions of the Atmel cipher. The idea is to dynamically reconstruct the internal state of the underlying register by exploiting the different diffusion speeds of the different cells. For SM, we can recover the secret key in $2^{29.8}$ cipher ticks given $1$ keystream frame; for CM, we can recover the secret key in $2^{50}$ cipher ticks with around $24$ frames. Practical implementation of the full attack confirms our results.

Available format(s)
Secret-key cryptography
Publication info
Published elsewhere. 9th International Conference on Applied Cryptography and Network Security-ACNS 2011, Springer-Verlag, LNCS vol. 6715, pp. 91-109
Stream ciphersRFIDFrameSecureMemoryCryptoMemory
Contact author(s)
martin_zhangbin @ yahoo com cn
2011-12-31: received
Short URL
Creative Commons Attribution


      author = {Alex Biryukov and Ilya Kizhvatov and Bin Zhang},
      title = {Cryptanalysis of The Atmel Cipher in SecureMemory, CryptoMemory and CryptoRF},
      howpublished = {Cryptology ePrint Archive, Paper 2011/707},
      year = {2011},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.