a real-time key recovery attack on the lightweight stream cipher a2u2

ISCAS OpenIR

	a real-time key recovery attack on the lightweight stream cipher a2u2
	Shi Zhenqing; Feng Xiutao; Feng Dengguo; Wu Chuankun
	2012
会议名称	11th International Conference on Cryptology and Network Security, CANS 2012
会议录名称	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
页码	12-22
会议日期	December 12, 2012 - December 14, 2012
会议地点	Darmstadt, Germany
收录类别	EI
ISSN	0302-9743
ISBN	9783642354038
部门归属	(1) Institute of Software Chinese Academy of Sciences Beijing 100190 China; (2) Key Laboratory of Mathematics Mechanization Academy of Mathematics and Systems Science Chinese Academy of Sciences Beijing 100190 China; (3) Institute of Information Engineering Chinese Academy of Sciences Beijing 100195 China
摘要	The stream cipher A2U2 proposed by David et al. [7] is one of lightweight cipher primitives. In this paper we present a real-time key recovery attack on A2U2 under the known-plaintext-attack model, which only needs at most 210 consecutive ciphertext bits and its corresponding plaintext with the time complexity about 2^24.7. Our result is much better than that of the attack proposed by M. Abdelraheem et al. in [9] whose complexity is O(2 ⁴⁹ x C), where C is the complexity of solving a sparse quadratic equation system on 56 unknown key bits. Furthermore we provide a new approach to solving the above sparse quadratic equation system, which reduces the complexity C to a very small constant. Finally we do an entire experiment on a PC and recover all bits of a random key in a few seconds. © Springer-Verlag 2012.; The stream cipher A2U2 proposed by David et al. [7] is one of lightweight cipher primitives. In this paper we present a real-time key recovery attack on A2U2 under the known-plaintext-attack model, which only needs at most 210 consecutive ciphertext bits and its corresponding plaintext with the time complexity about 2^24.7. Our result is much better than that of the attack proposed by M. Abdelraheem et al. in [9] whose complexity is O(2 ⁴⁹ x C), where C is the complexity of solving a sparse quadratic equation system on 56 unknown key bits. Furthermore we provide a new approach to solving the above sparse quadratic equation system, which reduces the complexity C to a very small constant. Finally we do an entire experiment on a PC and recover all bits of a random key in a few seconds. © Springer-Verlag 2012.
关键词	Network Security Recovery
语种	英语
内容类型	会议论文
URI标识	http://ir.iscas.ac.cn/handle/311060/15845
专题	中国科学院软件研究所
推荐引用方式 GB/T 7714	Shi Zhenqing,Feng Xiutao,Feng Dengguo,et al. a real-time key recovery attack on the lightweight stream cipher a2u2[C],2012:12-22.