Cube cryptanalysis of hitag2 stream cipher

Authors:
Siwei Sun;Lei Hu;Yonghong Xie;Xiangyong Zeng
Affiliations:
State Key Laboratory of Information Security, Graduate School of Chinese Academy of Sciences, Beijing, China;State Key Laboratory of Information Security, Graduate School of Chinese Academy of Sciences, Beijing, China;State Key Laboratory of Information Security, Graduate School of Chinese Academy of Sciences, Beijing, China;Faculty of Mathematics and Computer Science, Hubei University, Wuhan, China
Venue:
CANS'11 Proceedings of the 10th international conference on Cryptology and Network Security
Year:
2011

Citing 9
Cited 1

Algebraic and Slide Attacks on KeeLoq

Fast Software Encryption
A Practical Attack on the MIFARE Classic

CARDIS '08 Proceedings of the 8th IFIP WG 8.8/11.2 international conference on Smart Card Research and Advanced Applications
Dismantling MIFARE Classic

ESORICS '08 Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security
Reverse-engineering a cryptographic RFID tag

SS'08 Proceedings of the 17th conference on Security symposium
Cube Attacks on Tweakable Black Box Polynomials

EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
Cube Testers and Key Recovery Attacks on Reduced-Round MD6 and Trivium

Fast Software Encryption
Practical Algebraic Attacks on the Hitag2 Stream Cipher

ISC '09 Proceedings of the 12th International Conference on Information Security
Algebraic attacks on stream ciphers with linear feedback

EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
A practical attack on KeeLoq

EUROCRYPT'08 Proceedings of the theory and applications of cryptographic techniques 27th annual international conference on Advances in cryptology

Gone in 360 seconds: Hijacking with Hitag2

Security'12 Proceedings of the 21st USENIX conference on Security symposium

Quantified Score

Hi-index	0.00

Visualization

Abstract

Hitag2 is a lightweight LFSR-based stream cipher with a 48-bit key and a 48-bit internal state. As a more secure version of the Crypto-1 cipher which has been employed in many Mifare Classic RFID products, Hitag2 is used by many car manufacturers for unlocking car doors remotely. Until now, except the brute force attack, only one cryptanalysis on this cipher was released by Courtois, O'Neil and Quisquater, which broke Hitag2 by an SAT solver within several hours. However, little theoretical analysis and explanation were given in their work. In this paper, we show that there exist many low dimensional cubes of the initialization vectors such that the sums of the outputs of Hitag2 for the corresponding initialization vectors are linear expressions in secret key bits, and hence propose an efficient black- and white-box hybrid cube attack on Hitag2. Our attack experiments show that the cipher can be broken within one minute on a PC. The attack is composed of three phases: a black-box attack of extracting 32 bits of the secret key, a white-box attack to get several other key bits, and a brute force search for the remaining key bits.