In recent years, light-weight cryptography has received a lot of attention. Many primitives suitable for resource-restricted hardware platforms have been proposed. In this paper, we present a cryptanalysis of the new stream cipher A2U2 presented at IEEE RFID 2011 [9] that has a key length of 56 bit. We start by disproving and then repairing an extremely efficient attack presented by Chai et al. [8], showing that A2U2 can be broken in less than a second in the chosen-plaintext case. We then turn our attention to the more challenging known-plaintext case and propose a number of attacks. A guess-and-determine approach combined with algebraic cryptanalysis yields an attack that requires about 2 49 internal guesses. We also show how to determine the 5-bit counter key and how to reconstruct the 56-bit key in about 2 38 steps if the attacker can freely choose the IV. Furthermore, we investigate the possibility of exploiting the knowledge of a "noisy keystream" by solving a Max-PoSSo problem. We conclude that the cipher needs to be repaired and point out a number of simple measures that would prevent the above attacks. © 2011 Springer-Verlag.
CITATION STYLE
Abdelraheem, M. A., Borghoff, J., Zenner, E., & David, M. (2011). Cryptanalysis of the light-weight cipher A2U2. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 7089 LNCS, pp. 375–390). https://doi.org/10.1007/978-3-642-25516-8_23
Mendeley helps you to discover research relevant for your work.