The innovative HB+ protocol of Juels and Weis extends device authentication to low-cost RFID tags. However, despite the very simple on-tag computation, there remain some practical problems with HB+, and despite an elegant proof of security against some limited active attacks, there is a simple man-in-the-middle attack due to Gilbert et al. In this…
Much research has focused on providing RFID tags with lightweight cryptographic functionality. The HB+ authentication protocol was recently proposed and claimed to be secure against both passive and active attacks. In this note we propose a linear-time active attack against HB+.
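The two abstracts above describe the same protocol and the same attack, so one added simulation serves both. It is example code written for this page, not code from the HB+ paper or from Gilbert, Robshaw and Sibert. An HB+ round is: the tag sends a blinding vector b, the reader sends a challenge a, and the tag answers z = a·x ⊕ b·y ⊕ ν, where x and y are the shared secrets and ν is a noise bit of probability η; the reader accepts a session if at most a threshold fraction of the r answers mismatch. The man-in-the-middle of the attack flips bit i of every challenge a during one session: the tag's answer becomes a·x ⊕ x_i ⊕ b·y ⊕ ν, so the session is accepted exactly when x_i = 0, and k sessions reveal all of x. Knowing x alone suffices to impersonate the tag, because the prover chooses b and can set it to zero. The secret length K, the round count R, the noise rate ETA and the acceptance THRESHOLD are toy values assumed here, far below any real parameter set.

```python
import random

# Toy parameters (assumed for this example; real deployments need much longer
# secrets, and the original paper parameterises eta, the round count and threshold).
K = 32           # bit length of the tag's secrets x and y
R = 200          # rounds per authentication session
ETA = 0.125      # probability that the tag flips its answer in a round
THRESHOLD = 0.3  # reader accepts iff at most THRESHOLD*R answers mismatch (ETA < THRESHOLD < 1/2)


def dot(a, b):
    """Inner product over GF(2) of two equal-length bit lists."""
    return sum(ai & bi for ai, bi in zip(a, b)) & 1


def rand_bits(rng, n):
    return [rng.getrandbits(1) for _ in range(n)]


class Tag:
    """Honest HB+ tag: knows x and y, answers a.x + b.y + noise."""

    def __init__(self, x, y, rng):
        self.x, self.y, self.rng = x, y, rng

    def blind(self):
        return rand_bits(self.rng, len(self.x))

    def respond(self, a, b):
        noise = 1 if self.rng.random() < ETA else 0
        return dot(a, self.x) ^ dot(b, self.y) ^ noise


class Impersonator:
    """Knows only x: sends b = 0 so the y term vanishes, then answers noise-free."""

    def __init__(self, x):
        self.x = x

    def blind(self):
        return [0] * len(self.x)

    def respond(self, a, b):
        return dot(a, self.x)


class Reader:
    def __init__(self, x, y, rng):
        self.x, self.y, self.rng = x, y, rng

    def challenge(self):
        return rand_bits(self.rng, len(self.x))

    def authenticate(self, prover, tamper=None):
        """Run R rounds of HB+. `tamper` models a man-in-the-middle that rewrites
        the reader's challenge a before it reaches the prover; the reader still
        verifies the answer against the challenge it actually sent."""
        mismatches = 0
        for _ in range(R):
            b = prover.blind()
            a = self.challenge()
            a_seen = tamper(a) if tamper else a
            z = prover.respond(a_seen, b)
            mismatches += z != dot(a, self.x) ^ dot(b, self.y)
        return mismatches <= THRESHOLD * R


def grs_recover_x(reader, tag):
    """GRS attack: in session i XOR the unit vector e_i into every challenge.
    z becomes a.x + x_i + b.y + noise, so the session is accepted iff x_i = 0."""
    x = []
    for i in range(K):
        accepted = reader.authenticate(
            tag, tamper=lambda a, i=i: [ai ^ (1 if j == i else 0) for j, ai in enumerate(a)])
        x.append(0 if accepted else 1)
    return x


def demo(seed=1):
    """Constructed run: honest session, K tampered sessions, then a forged session."""
    rng = random.Random(seed)
    x, y = rand_bits(rng, K), rand_bits(rng, K)
    tag, reader = Tag(x, y, rng), Reader(x, y, rng)
    honest_ok = reader.authenticate(tag)
    recovered = grs_recover_x(reader, tag)
    forged_ok = reader.authenticate(Impersonator(recovered))
    return honest_ok, recovered == x, forged_ok


if __name__ == "__main__":
    print(demo())  # (True, True, True)
```

The attack costs K full sessions, hence "linear-time"; with the gap between ETA and THRESHOLD used here a single session per bit classifies x_i with negligible error, and a real attacker facing tighter parameters would simply repeat each session and take a majority vote.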
We introduce a practical synchronous stream cipher with provable security named QUAD. The cipher relies on the iteration of a multivariate quadratic system of m equations in n < m unknowns over a finite field. The security of QUAD is provably reducible to the conjectured intractability of the MQ problem, namely solving a multivariate system of quadratic…
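To make the iteration concrete, the following toy generator in the shape of QUAD is added here as an example; it is not the QUAD reference code. The public quadratic system of m = k·n equations over GF(2) is split into n equations that update the internal state and (k−1)·n equations that produce keystream bits at each step. The key/IV initialisation of the real cipher is omitted: the state is assumed to be loaded directly from the key, the system is generated from a fixed seed, and n = 16 is a toy size with no security whatsoever (the MQ reduction only bites for large n).

```python
import random


def random_quadratic_system(rng, m, n):
    """m random quadratic polynomials in n variables over GF(2). Each polynomial is
    a list of monomials x_i*x_j (i <= j; i == j is a linear term since x^2 = x over
    GF(2)) plus a constant bit. The system is public; only the state is secret."""
    system = []
    for _ in range(m):
        monomials = [(i, j) for i in range(n) for j in range(i, n) if rng.getrandbits(1)]
        system.append((monomials, rng.getrandbits(1)))
    return system


def evaluate(system, x):
    """Evaluate every polynomial of the system at the bit vector x."""
    return [(sum(x[i] & x[j] for i, j in monomials) + c) & 1 for monomials, c in system]


class QuadToy:
    """Keystream generator shaped like QUAD: m = k*n equations in n unknowns,
    n of them update the state, the other (k-1)*n produce the output bits."""

    def __init__(self, n=16, k=2, seed=0):
        rng = random.Random(seed)          # fixed seed: the system is a public constant
        system = random_quadratic_system(rng, k * n, n)
        self.n = n
        self.s_it = system[:n]             # state-update equations
        self.s_out = system[n:]            # output equations

    def keystream(self, state, nbits):
        x = list(state)
        out = []
        while len(out) < nbits:
            out.extend(evaluate(self.s_out, x))  # (k-1)*n keystream bits per step
            x = evaluate(self.s_it, x)           # next internal state
        return out[:nbits]

    def crypt(self, state, data):
        """XOR data bits with the keystream; encryption and decryption coincide."""
        return [d ^ z for d, z in zip(data, self.keystream(state, len(data)))]


if __name__ == "__main__":
    cipher = QuadToy()
    key_state = [1, 0] * 8                          # constructed 16-bit secret state
    message = [1, 0, 1, 1, 0, 0, 1, 0] * 5          # constructed 40-bit plaintext
    ciphertext = cipher.crypt(key_state, message)
    print(cipher.crypt(key_state, ciphertext) == message)
```

Because the state update is a public quadratic map, an attacker who learns one internal state can run the generator forward; the whole security argument rests on the state never being recoverable from the output, which is exactly the MQ instance the abstract refers to, and only an n large enough to make that instance intractable gives any security.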
Radio Frequency IDentifiers (RFID) are low-cost pervasive devices used in various settings for identification purposes: although they were originally introduced to ease supply chain management, they are already used in many other applications. Some of these applications need secure identification, and ad hoc authentication protocols have to be…
Sosemanuk is a new synchronous software-oriented stream cipher, corresponding to Profile 1 of the ECRYPT call for stream cipher primitives. Its key length is variable between 128 and 256 bits. It accommodates a 128-bit initial value. Any key length is claimed to achieve 128-bit security. The Sosemanuk cipher uses both some basic design principles from the…
Grain is a lightweight stream cipher proposed by M. Hell, T. Johansson, and W. Meier to the eSTREAM call for stream cipher proposals of the European project ECRYPT. Its 160-bit internal state is divided into an LFSR and an NFSR of length 80 bits each. A filtering boolean function is used to derive each keystream bit from the internal state. By…
Rainbow is a fast asymmetric multivariate signature algorithm proposed by J. Ding and D. Schmidt. This paper presents a cryptanalysis of Rainbow which enables an attacker provided with the public key to recover an equivalent representation of the secret key, thus allowing her to efficiently forge a signature of any message. For the set of parameter…