Paper 2015/428

Dumb Crypto in Smart Grids: Practical Cryptanalysis of the Open Smart Grid Protocol

Philipp Jovanovic and Samuel Neves


This paper analyses the cryptography used in the Open Smart Grid Protocol (OSGP). The authenticated encryption (AE) scheme deployed by OSGP is a non-standard composition of RC4 and a home-brewed MAC, the "OMA digest". We present several practical key-recovery attacks against the OMA digest. The first and basic variant can achieve this with a mere 13 queries to an OMA digest oracle and negligible time complexity. A more sophisticated version breaks the OMA digest with only 4 queries and a time complexity of about $2^{25}$ simple operations. A different approach only requires one arbitrary valid plaintext-tag pair, and recovers the key in an average of 144 message verification queries, or one ciphertext-tag pair and 168 ciphertext verification queries. Since the encryption key is derived from the key used by the OMA digest, our attacks break both confidentiality and authenticity of OSGP.

Category
Secret-key cryptography
Publication info
A minor revision of an IACR publication in FSE 2015
Keywords
cryptanalysis, smart grid, authenticated encryption
Contact author(s)
jovanovic @ fim uni-passau de
History
2015-06-18: revised
2015-05-06: received
License
Creative Commons Attribution


@misc{cryptoeprint:2015/428,
      author = {Philipp Jovanovic and Samuel Neves},
      title = {Dumb Crypto in Smart Grids: Practical Cryptanalysis of the Open Smart Grid Protocol},
      howpublished = {Cryptology ePrint Archive, Paper 2015/428},
      year = {2015},
      note = {\url{}},
      url = {}
}