Institutional Research Information Service
UCL Logo
Please report any queries concerning the funding data grouped in the sections named "Externally Awarded" or "Internally Disbursed" (shown on the profile page) to your Research Finance Administrator. Your can find your Research Finance Administrator at http://www.ucl.ac.uk/finance/research/post_award/post_award_contacts.php by entering your department
Please report any queries concerning the student data shown on the profile page to:

Email: portico-services@ucl.ac.uk

Help Desk: http://www.ucl.ac.uk/ras/portico/helpdesk
Publication Detail
Practical Algebraic Attacks on the Hitag2 Stream Cipher
  • Publication Type:
  • Authors:
    Nicolas T Courtois SOAJ-JQ
  • Publisher:
  • Publication date:
  • Place of publication:
  • Pagination:
    167, 176
  • Published proceedings:
    12th International Conference, ISC 2009 Pisa, Italy, September 7-9, 2009 Proceedings
  • Volume:
  • Series:
    Lecture Notes in Computer Science
  • Editors:
    Ardagna PSMYFMACA
  • ISBN-13:
  • Status:
  • Name of conference:
    12th Information Security Conference, ISC 2009
  • Conference place:
    Pisa, Italy
  • Conference start date:
  • Conference finish date:
  • Language:
  • Number of volumes:
  • Keywords:
    RFID tags, Hitag 2 algorithm, MiFare Crypto-1 cipher, stream ciphers, algebraic cryptanalysis, Boolean functions, Grobner bases, SAT solvers.
  • Publisher URL:
Hitag2 is a stream cipher that is widely used in RFID car locks in the automobile industry. It can be seen as a (much) more secure version of the [in]famous Crypto-1 cipher that is used in MiFare Classic RFID products [18, 13]. Recently, a specification of Hitag2 was circulated on the Internet [27]. Is this cipher secure w.r.t. the recent algebraic attacks [8, 15, 1, 23] that allowed to break with success several LFSR-based stream ciphers? After running some computer simulations we saw that the Algebraic Immunity [23] is at least 4 and we see no hope to get a very e cient attack of this type. However, there are other algebraic attacks that rely on experimentation but nevertheless work. For example Faugere and Ars have discovered that many simple stream ciphers can be broken experimentally with Grobner bases, given an extremely small quantity of keystream, see [15]. Similarly reduced-round versions of DES [9] and KeeLoq [11, 12] were broken using SAT solvers, that actually seem to outperform Groobner basis techniques. Thus, we have implemented a generic experimental algebraic attack with conversion and SAT solvers, [10, 9]. As a result we are able to break Hitag2 quite easily, the full key can be recovered in a few hours on a PC. In addition, given the specific protocol in which Hitag2 cipher is used in cars, some of our attacks are practical.
Publication data is maintained in RPS. Visit https://rps.ucl.ac.uk
 More search options
UCL Researchers
Dept of Computer Science
University College London - Gower Street - London - WC1E 6BT Tel:+44 (0)20 7679 2000

© UCL 1999–2011

Search by