Fast Key Recovery Attack on ARMADILLO1 and Variants

نویسندگان

  • Pouyan Sepehrdad
  • Petr Susil
  • Serge Vaudenay
چکیده

The ARMADILLO cryptographic primitive is a multi-purpose cryptographic primitive for RFID devices proposed at CHES’10. The main purpose of the primitive is to provide a secure authentication in a challenge-response protocol. It has two versions, named ARMADILLO (subsequently denoted by ARMADILLO1) and ARMADILLO2. However, we found a fatal weakness in the design which allows a passive attacker to recover the secret key in polynomial time, of ARMADILLO1 and some generalizations. We introduce some intermediate designs which try to prevent the attack and link ARMADILLO1 to ARMADILLO2. Considering the fact that the attack against ARMADILLO1 is polynomial, this brings about some concerns into the security of the second version ARMADILLO2, although it remains unbroken so far.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Investigation of Some Attacks on GAGE (v1), InGAGE (v1), (v1.03), and CiliPadi (v1) Variants

In this paper, we present some attacks on GAGE, InGAGE, and CiliPadi which are candidates of the first round of the NIST-LWC competition. GAGE and InGAGE are lightweight sponge based hash function and Authenticated Encryption with Associated Data (AEAD), respectively and support different sets of parameters. The length of hash, key, and tag are always 256, 128, and 128 bits, respec...

متن کامل

On the Security of NMAC and Its Variants

We first propose a general equivalent key recovery attack to a H-MAC variant NMAC1, which is also provable secure, by applying a generalized birthday attack. Our result shows that NMAC1, even instantiated with a secure Merkle-Damg̊ard hash function, is not secure. We further show that this equivalent key recovery attack to NMAC1 is also applicable to NMAC for recovering the equivalent inner key ...

متن کامل

Cryptanalysis of Multivariate and Odd-Characteristic HFE Variants

We investigate the security of a generalization of HFE (multivariate and odd-characteristic variants). First, we propose an improved version of the basic Kipnis-Shamir key recovery attack against HFE. Second, we generalize the Kipnis-Shamir attack to Multi-HFE. The attack reduces to solve a MinRank problem directly on the public key. This leads to an improvement of a factor corresponding to the...

متن کامل

Key Recovery Attack on QuiSci

QuiSci is incredible fast, faster than most other ciphers. On modern CPUs it needs only arround 1 clock cycle per byte, so it is 10 times fast than most other well-known algorithm. On the website of QuiSci [1] it is claimed that this algorithm is secure. With this paper I like to show a key recovery attack on QuiSci, exploiting the weak key setup. When you are able to guess the beginning of the...

متن کامل

Key Recovery Attack against 2.5-round π-Cipher

In this paper, we propose a guess and determine attack against some variants of the π-Cipher family of authenticated ciphers. This family of ciphers is a second-round candidate of the CAESAR competition. More precisely, we show a key recovery attack with time complexity little higher than 2, and low data complexity, against variants of the cipher with ω-bit words, when the internal permutation ...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2011