Low-Complexity Attacks on Selected Lightweight Stream Ciphers
Abstract
Although Radio Frequency Identification (RFID) technology provides many attractive and unique features, the constraints in computation and storage pose a new challenge for implementing cryptographic primitives and deploying security mechanisms. While many designs for lightweight block ciphers have been proposed in the literature, lightweight stream ciphers (favored by actual practitioners) have received much less attention to date – there are few proposals and implementations and many of these are broken. In this chapter, we review four lightweight stream ciphers designed and employed in the industry:Crypto-1, Hitag-2, the Atmel Cipher, and A2U2. For Crypto-1, Hitag-2, and the Atmel Cipher, we critically analyze all known attacks in various scenarios and put them into a unified perspective. For A2U2, we report a novel key recovery attack that fully recovers the secret key by only querying the encryption twice on the victim tag and computing for approximately $0.16$ seconds on a standard PC.
