Paper 2013/421

Light-weight primitive, feather-weight security? A cryptanalytic knock-out. (Preliminary results)

Valentina Banciu, Simon Hoerder, and Dan Page


In [12], the authors present a new light-weight cryptographic primitive which supports an associated RFID-based authentication protocol. The primitive has some structural similarities to AES, but is presented as a keyed one-way function using a 128-bit key. Although a security analysis is included, this is at a high-level only. To provide a more concrete idea as to the security of this primitive, we therefore make three contributions: first, a structural attack requiring $O(2^{5})$ plaintext/ciphertext pairs (and hence effort online) plus $O(2^{21})$ effort offline, second an algebraic attack on round reduced versions of the primitive which requires only a single plaintext/ciphertext pair, and, third debunk the claimed attack of [36] on the same primitive as wishful thinking. Our structural attack completely breaks the primitive and the algebraic attack highlights a crucial weakness of the primitive: we conclude that although one can consider countermeasures against these specific attacks, the design in general is questionable and should therefore be avoided.

Note: Updated performance figures, minor editorial edits.

Available format(s)
Secret-key cryptography
Publication info
Published elsewhere. submitted to a conference
Light-weight block cipherstructural attackalgebraic attackRFID authentication
Contact author(s)
hoerder @ cs bris ac uk
2013-07-03: revised
2013-07-02: received
See all versions
Short URL
Creative Commons Attribution


      author = {Valentina Banciu and Simon Hoerder and Dan Page},
      title = {Light-weight primitive, feather-weight security? A cryptanalytic knock-out. (Preliminary results)},
      howpublished = {Cryptology ePrint Archive, Paper 2013/421},
      year = {2013},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.