Logical Cryptanalysis as a SAT Problem
Journal of Automated Reasoning
The Security of Hidden Field Equations (HFE)
CT-RSA 2001 Proceedings of the 2001 Conference on Topics in Cryptology: The Cryptographer's Track at RSA
Essential Algebraic Structure within the AES
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Cryptanalysis of Block Ciphers with Probabilistic Non-linear Relations of Low Degree
CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
Cryptanalytic Time/Memory/Data Tradeoffs for Stream Ciphers
ASIACRYPT '00 Proceedings of the 6th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Cryptanalysis of Block Ciphers with Overdefined Systems of Equations
ASIACRYPT '02 Proceedings of the 8th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Algebraic and Slide Attacks on KeeLoq
Fast Software Encryption
ESORICS '08 Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security
Cryptanalysis of the data encryption standard by the method of formal coding
Proceedings of the 1982 conference on Cryptography
Algebraic attacks on stream ciphers with linear feedback
EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
Algebraic cryptanalysis of the data encryption standard
Cryptography and Coding'07 Proceedings of the 11th IMA international conference on Cryptography and coding
EUROCRYPT'08 Proceedings of the theory and applications of cryptographic techniques 27th annual international conference on Advances in cryptology
Small scale variants of the AES
FSE'05 Proceedings of the 12th international conference on Fast Software Encryption
Block ciphers sensitive to gröbner basis attacks
CT-RSA'06 Proceedings of the 2006 The Cryptographers' Track at the RSA conference on Topics in Cryptology
Applications of SAT solvers to cryptanalysis of hash functions
SAT'06 Proceedings of the 9th international conference on Theory and Applications of Satisfiability Testing
Exposing iClass key diversification
WOOT'11 Proceedings of the 5th USENIX conference on Offensive technologies
An improvement of linearization-based algebraic attacks
InfoSecHiComNet'11 Proceedings of the First international conference on Security aspects in information technology
Cube cryptanalysis of hitag2 stream cipher
CANS'11 Proceedings of the 10th international conference on Cryptology and Network Security
Attacking an AES-Enabled NFC tag: implications from design to a real-world scenario
COSADE'12 Proceedings of the Third international conference on Constructive Side-Channel Analysis and Secure Design
Gone in 360 seconds: Hijacking with Hitag2
Security'12 Proceedings of the 21st USENIX conference on Security symposium
FSE'12 Proceedings of the 19th international conference on Fast Software Encryption
SPACE'12 Proceedings of the Second international conference on Security, Privacy, and Applied Cryptography Engineering
Applying remote side-channel analysis attacks on a security-enabled NFC tag
CT-RSA'13 Proceedings of the 13th international conference on Topics in Cryptology
Hi-index | 0.00 |
Hitag2 is a stream cipher that is widely used in RFID car locks in the automobile industry. It can be seen as a (much) more secure version of the [in]famous Crypto-1 cipher that is used in MiFare Classic RFID products [14,20,15]. Recently, a specification of Hitag2 was circulated on the Internet [29]. Is this cipher secure w.r.t. the recent algebraic attacks [8,17,1,25] that allowed to break with success several LFSR-based stream ciphers? After running some computer simulations we saw that the Algebraic Immunity [25] is at least 4 and we see no hope to get a very efficient attack of this type. However, there are other algebraic attacks that rely on experimentation but nevertheless work. For example Faugère and Ars have discovered that many simple stream ciphers can be broken experimentally with Gröbner bases, given an extremely small quantity of keystream, see [17]. Similarly reduced-round versions of DES [9] and KeeLoq [11,12] were broken using SAT solvers, that actually seem to outperform Gröbner basis techniques. Thus, we have implemented a generic experimental algebraic attack with conversion and SAT solvers,[10,9]. As a result we are able to break Hitag2 quite easily, the full key can be recovered in a few hours on a PC. In addition, given the specific protocol in which Hitag2 cipher is used in cars, some of our attacks are practical.