TY - CHAP U1 - Konferenzveröffentlichung A1 - Abdelraheem, Mohamed Ahmed A1 - Borghoff, Julia A1 - Zenner, Erik A1 - David, Mathieu ED - Chen, Liqun T1 - Cryptanalysis of the Light-Weight Cipher A2U2 T2 - Cryptography and Coding N2 - In recent years, light-weight cryptography has received a lot of attention. Many primitives suitable for resource-restricted hardware platforms have been proposed. In this paper, we present a cryptanalysis of the new stream cipher A2U2 presented at IEEE RFID 2011 [9] that has a key length of 56 bit. We start by disproving and then repairing an extremely efficient attack presented by Chai et al. [8], showing that A2U2 can be broken in less than a second in the chosen-plaintext case. We then turn our attention to the more challenging known-plaintext case and propose a number of attacks. A guess-and-determine approach combined with algebraic cryptanalysis yields an attack that requires about 249 internal guesses. We also show how to determine the 5-bit counter key and how to reconstruct the 56-bit key in about 238 steps if the attacker can freely choose the IV. Furthermore, we investigate the possibility of exploiting the knowledge of a “noisy keystream” by solving a Max-PoSSo problem. We conclude that the cipher needs to be repaired and point out a number of simple measures that would prevent the above attacks. Y1 - 2011 UR - http://link.springer.com/chapter/10.1007/978-3-642-25516-8_23 SN - 0302-9743 SS - 0302-9743 SN - 1611-3349 (E-ISSN) SS - 1611-3349 (E-ISSN) SN - 978-3-642-25515-1 (Softcover) SB - 978-3-642-25515-1 (Softcover) SN - 978-3-642-25516-8 (eBook) SB - 978-3-642-25516-8 (eBook) U6 - https://doi.org/10.1007/978-3-642-25516-8_23 DO - https://doi.org/10.1007/978-3-642-25516-8_23 VL - LNCS 7089 SP - 375 EP - 390 PB - Springer CY - Berlin, Heidelberg ER -