We gratefully acknowledge support from
the Simons Foundation and member institutions.
Full-text links:

Download:

Current browse context:

cs.CR

Change to browse by:

References & Citations

DBLP - CS Bibliography

Bookmark

(what is this?)
CiteULike logo BibSonomy logo Mendeley logo del.icio.us logo Digg logo Reddit logo ScienceWISE logo

Computer Science > Cryptography and Security

Title: An algebraic attack to the Bluetooth stream cipher E0

Abstract: In this paper we study the security of the Bluetooth stream cipher E0 from the viewpoint it is a "difference stream cipher", that is, it is defined by a system of explicit difference equations over the finite field GF(2). This approach highlights some issues of the Bluetooth encryption such as the invertibility of its state transition map, a special set of 14 bits of its 132-bit state which when guessed implies linear equations among the other bits and finally a small number of spurious keys, with 83 guessed bits, which are compatible with a keystream of about 60 bits. Exploiting these issues, we implement an algebraic attack using Gr\"obner bases, SAT solvers and Binary Decision Diagrams. Testing activities suggest that the version based on Gr\"obner bases is the best one and it is able to attack E0 in about 2^79 seconds on an Intel i9 CPU. To the best of our knowledge, this work improves any previous attack based on a short keystream, hence fitting with Bluetooth specifications.
Comments: 24 pages, 1 figure. To appear in Finite Fields and Their Applications
Subjects: Cryptography and Security (cs.CR); Symbolic Computation (cs.SC); Commutative Algebra (math.AC); Rings and Algebras (math.RA)
MSC classes: 11T71 (Primary) 12H10, 13P10 (Secondary)
Cite as: arXiv:2201.01262 [cs.CR]
  (or arXiv:2201.01262v2 [cs.CR] for this version)

Submission history

From: Roberto La Scala [view email]
[v1] Tue, 4 Jan 2022 17:53:57 GMT (70kb,D)
[v2] Mon, 8 Aug 2022 11:59:15 GMT (71kb,D)

Link back to: arXiv, form interface, contact.