Smashing SQUASH-0

14 years 5 months ago

Download lasecwww.epfl.ch

At the RFID Security Workshop 2007, Adi Shamir presented a new challenge-response protocol well suited for RFIDs, although based on the Rabin public-key cryptosystem. This protocol, which we call SQUASH-0, was using a linear mixing function which was subsequently withdrawn. Essentially, we mount an attack against SQUASH-0 with full window which could be used as a "known random coins attack" against Rabin-SAEP. We then extend it for SQUASH-0 with arbitrary window. We apply it with the proposed modulus 21 277 - 1 to run a key recovery attack using 1 024 chosen challenges. Since the security arguments equally apply to the final version of SQUASH and to SQUASH-0, we challenge the blame-game argument for the security of SQUASH. Nevertheless, our attacks are inefficient when using non-linear mixing so the security of SQUASH remains open. Key words: RFID, cryptanalysis, MAC 1 The SQUASH Algorithm RFID tags use challenge-response protocols in which a reader sends a random challenge t...

Khaled Ouafi, Serge Vaudenay

Real-time Traffic

Cryptography | EUROCRYPT 2009 | Rabin Public-key Cryptosystem | RFID Security Workshop | RFID Tags |

claim paper

Post Info
More Details (n/a)

Added	24 Nov 2009
Updated	24 Nov 2009
Type	Conference
Year	2009
Where	EUROCRYPT
Authors	Khaled Ouafi, Serge Vaudenay

Comments (0)

Sciweavers

Smashing SQUASH-0

Cryptography | EUROCRYPT 2009 | Rabin Public-key Cryptosystem | RFID Security Workshop | RFID Tags |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers