Abstract: Hardware-efficient encryption algorithms are necessary
for applications like low-cost Radio Frequency Identification
(RFID) tags. In order to keep the cost as low as possible, the
designers of lightweight algorithms are using simplified versions
of well-studied components. Unfortunately, in most cases this
simplification leads to weak constructions.
In this paper, we investigate one such case. Recently, a low
hardware complexity binary additive stream cipher was proposed
in the Computers & Security journal. This stream cipher is
based on a simplified version of a family of universal hash
functions. The new family is called Toeplitz hash. The Toeplitz
hash functions can be implemented very efficiently in hardware,
which makes the proposed stream cipher suitable for low-cost
applications. However, we demonstrate that the security of the
cipher is much weaker than claimed. More precisely, we
introduce a known-plaintext attack that can retrieve the secret
key with very low computational complexity and requires only a
few known keystream bits, by taking advantage of the low cost.