Cryptanalysis of lightweight cryptographic algorithms

Stream ciphers are symmetric cipher systems which provide confidentiality in many applications ranging from mobile phone communication to virtual private networks. They may be implemented effciently in software and hardware and are a preferred choice when dealing with resource-constrained environments, such as smart cards, RFID tags,and sensor networks. This dissertation addresses cryptanalysis of several stream ciphers, and a hash function based on stream cipher. Also, the thesis investigates the design principles and security of stream ciphers built from nonlinear feedback shift registers. In a design view, any cryptographic attack shows a weak point in the design and immediately can be converted into an appropriate design criterion. Firstly, this thesis focuses on the WG-7, a lightweight stream cipher. It is shown that thekey stream generated by WG-7 can be distinguished from a random sequence with a negligible error probability. In addition, a key-recovery attack on the cipher has been successfully proposed. Then, a security evaluation of the Rakaposhi stream cipher identifies weaknesses of the cipher. The main observation shows that the initialisation procedure has a sliding property. This property can be used to launch distinguishing and key-recovery attacks. Further, the cipher is studied when the registers enter short cycles. In this case, the internal state can be recovered with less complexity than exhaustive search. New security features of a specific design based on nonlinear feedback shift registers have been explored. The idea applies a distinguishing attack on linearly filtered nonlinear feedback shift registers. The attack extends the idea on linear combinations of linearly filtered nonlinear feedback shift registers as well. The proposed attacks allow the attacker to mount linear attacks to distinguish the output of the cipher and recover its internal state. The next topic analyses a new lightweight communication framework called NLM-MAC. Several critical cryptographic weaknesses leading to key-recovery and forgery attack have been indicated. It is shown that the adversary can recover the internal state of the NLM generator. The attacker also is able to forge any MAC tag in real time. The proposed attacks are completely practical and break the scheme. Another part demonstrates some new cryptographic attacks on RC4(n,m) stream cipher. The investigations have revealed several weaknesses of the cipher. Firstly, a distinguisher for the cipher is proposed. Secondly, a key-recovery attack uses a method to find the secret key in real time. Finally, the RC4-BHF hash function that is based on the well-known RC4 stream cipher is analysed. Two attacks on RC4-BHF have been developed. In the first attack, the adversary is able to find collisions for two different messages. The second attack shows how to design a distinguisher that can tell apart the sequence generated by RC4-BHF from a random one.