a real-time key recovery attack on the lightweight stream cipher a2u2

ISCAS OpenIR

	a real-time key recovery attack on the lightweight stream cipher a2u2
	Shi Zhenqing; Feng Xiutao; Feng Dengguo; Wu Chuankun
	2012
Conference Name	11th International Conference on Cryptology and Network Security, CANS 2012
Source	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Pages	12-22
Conference Date	December 12, 2012 - December 14, 2012
Conference Place	Darmstadt, Germany
Indexed Type	EI
ISSN	0302-9743
ISBN	9783642354038
Department	(1) Institute of Software Chinese Academy of Sciences Beijing 100190 China; (2) Key Laboratory of Mathematics Mechanization Academy of Mathematics and Systems Science Chinese Academy of Sciences Beijing 100190 China; (3) Institute of Information Engineering Chinese Academy of Sciences Beijing 100195 China
English Abstract	The stream cipher A2U2 proposed by David et al. [7] is one of lightweight cipher primitives. In this paper we present a real-time key recovery attack on A2U2 under the known-plaintext-attack model, which only needs at most 210 consecutive ciphertext bits and its corresponding plaintext with the time complexity about 2^24.7. Our result is much better than that of the attack proposed by M. Abdelraheem et al. in [9] whose complexity is O(2 ⁴⁹ x C), where C is the complexity of solving a sparse quadratic equation system on 56 unknown key bits. Furthermore we provide a new approach to solving the above sparse quadratic equation system, which reduces the complexity C to a very small constant. Finally we do an entire experiment on a PC and recover all bits of a random key in a few seconds. © Springer-Verlag 2012.; The stream cipher A2U2 proposed by David et al. [7] is one of lightweight cipher primitives. In this paper we present a real-time key recovery attack on A2U2 under the known-plaintext-attack model, which only needs at most 210 consecutive ciphertext bits and its corresponding plaintext with the time complexity about 2^24.7. Our result is much better than that of the attack proposed by M. Abdelraheem et al. in [9] whose complexity is O(2 ⁴⁹ x C), where C is the complexity of solving a sparse quadratic equation system on 56 unknown key bits. Furthermore we provide a new approach to solving the above sparse quadratic equation system, which reduces the complexity C to a very small constant. Finally we do an entire experiment on a PC and recover all bits of a random key in a few seconds. © Springer-Verlag 2012.
Keyword	Network Security Recovery
Language	英语
Content Type	会议论文
URI	http://ir.iscas.ac.cn/handle/311060/15845
Collection	中国科学院软件研究所
Recommended Citation GB/T 7714	Shi Zhenqing,Feng Xiutao,Feng Dengguo,et al. a real-time key recovery attack on the lightweight stream cipher a2u2[C],2012:12-22.

Files in This Item:
There are no files associated with this item.

If you have any objections to this item, please fill out the form below and the administrator will contact you as soon as possible.
Content:
Email：	*
Institution:
Verification Code:	Refresh

Any comments and suggestions are welcomed.
Title:	*
Content:
Email：	*
Verification Code:	Refresh

中国科学院软件研究所机构知识库