Cryptanalysis of the Atmel Cipher in SecureMemory, CryptoMemory and CryptoRF

Biryukov, Alex; Kizhvatov, Ilya; Zhang, Bin

Reference : Cryptanalysis of the Atmel Cipher in SecureMemory, CryptoMemory and CryptoRF


	Document type :	Scientific congresses, symposiums and conference proceedings : Paper published in a book
	Discipline(s) :	Engineering, computing & technology : Computer science
	To cite this reference:	http://hdl.handle.net/10993/17070

Title :	Cryptanalysis of the Atmel Cipher in SecureMemory, CryptoMemory and CryptoRF
Language :	English
Author, co-author :	Biryukov, Alex [University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC) >]
	Kizhvatov, Ilya [University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC) >]
	Zhang, Bin [University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC) >]
Publication date :	2011
Main document title :	Applied Cryptography and Network Security - 9th International Conference
Publisher :	Springer
Pages :	91-109
Peer reviewed :	Yes
Audience :	International
ISBN :	978-3-642-21553-7
Event name :	Applied Cryptography and Network Security - 9th International Conference
Event date :	June 7-10, 2011
Event place (city) :	Nerja
Event country :	Spain
Keywords :	[en] Stream ciphers ; RFID ; Frame ; SecureMemory ; CryptoMemory
Abstract :	[en] SecureMemory (SM), CryptoMemory (CM) and CryptoRF (CR) are the Atmel chip families with wide applications in practice. They implement a proprietary stream cipher, which we call the Atmel cipher, to provide authenticity, confidentiality and integrity. At CCS’2010, it was shown that given 1 keystream frame, the secret key in SM protected by the simple version of the cipher can be recovered in 2^39.4 cipher ticks and if 2640 keystream frames are available, the secret key in CM guarded by the more complex version of the cipher can be restored in 2^58 cipher ticks. In this paper, we show much more efficient and practical attacks on both versions of the Atmel cipher. The idea is to dynamically reconstruct the internal state of the underlying register by exploiting the different diffusion speeds of the different cells. For SM, we can recover the secret key in 2^29.8 cipher ticks given 1 keystream frame; for CM, we can recover the secret key in 2^50 cipher ticks with around 24 frames. Practical implementation of the full attack confirms our results.
Permalink :	http://hdl.handle.net/10993/17070
Other URL :	http://eprint.iacr.org/2011/707.pdf
Commentary :	6715 Lecture Notes in Computer Science Lect Notes Comput Sci 1611-3349 0302-9743

File(s) associated to this reference

Fulltext file(s):

	File	Commentary	Version	Size	Access
Open access	biryukov-CryptoMemory.pdf	No commentary	Author postprint	268.67 kB	View/Open

All documents in ORBi^lu are protected by a user license.

University of Luxembourg Library | Feedback | Legal notices