A Real-Time Key Recovery Attack on the Lightweight Stream Cipher A2U2

The stream cipher A2U2 proposed by David et al. [7] is one of lightweight cipher primitives. In this paper we present a real-time key recovery attack on A2U2 under the known-plaintext-attack model, which only needs at most 210 consecutive ciphertext bits and its corresponding plaintext with the time complexity about 224.7. Our result is much better than that of the attack proposed by M. Abdelraheem et al. in [9] whose complexity is O(249×C), where C is the complexity of solving a sparse quadratic equation system on 56 unknown key bits. Furthermore we provide a new approach to solving the above sparse quadratic equation system, which reduces the complexity C to a very small constant. Finally we do an entire experiment on a PC and recover all bits of a random key in a few seconds.

[1]  Martin Hell,et al.  Grain: a stream cipher for constrained environments , 2007, Int. J. Wirel. Mob. Comput..

[2]  Matthew J. B. Robshaw,et al.  PRINTcipher: A Block Cipher for IC-Printing , 2010, CHES.

[3]  Klaus Finkenzeller,et al.  Rfid Handbook: Fundamentals and Applications in Contactless Smart Cards and Identification , 2003 .

[4]  Ingrid Verbauwhede,et al.  Cryptographic Hardware and Embedded Systems - CHES 2007, 9th International Workshop, Vienna, Austria, September 10-13, 2007, Proceedings , 2007, CHES.

[5]  Joseph Bonneau,et al.  What's in a Name? , 2020, Financial Cryptography.

[6]  Christophe Clavier,et al.  Cryptographic Hardware and Embedded Systems - CHES 2009, 11th International Workshop, Lausanne, Switzerland, September 6-9, 2009, Proceedings , 2009, CHES.

[7]  Damith C. Ranasinghe,et al.  A2U2: A stream cipher for printed electronics RFID tags , 2011, 2011 IEEE International Conference on RFID.

[8]  Christophe De Cannière,et al.  KATAN and KTANTAN - A Family of Small and Efficient Hardware-Oriented Block Ciphers , 2009, CHES.

[9]  Colin Boyd,et al.  Cryptography and Coding , 1995, Lecture Notes in Computer Science.

[10]  Guang Gong,et al.  Hummingbird: Ultra-Lightweight Cryptography for Resource-Constrained Devices , 2010, Financial Cryptography Workshops.

[11]  Guang Gong,et al.  An Ultra-Efficient Key Recovery Attack on the Lightweight Stream Cipher A2U2 , 2011, IACR Cryptol. ePrint Arch..

[12]  Andrey Bogdanov,et al.  PRESENT: An Ultra-Lightweight Block Cipher , 2007, CHES.

[13]  Stefan Mangard,et al.  Cryptographic Hardware and Embedded Systems, CHES 2010, 12th International Workshop, Santa Barbara, CA, USA, August 17-20, 2010. Proceedings , 2010, CHES.

[14]  Douglas R. Stinson,et al.  Advances in Cryptology — CRYPTO’ 93 , 2001, Lecture Notes in Computer Science.

[15]  Erik Zenner,et al.  Cryptanalysis of the Light-Weight Cipher A2U2 , 2011, IMACC.

[16]  Hugo Krawczyk,et al.  The Shrinking Generator , 1994, CRYPTO.