[Resource Topic] 2006/072: Cryptanalysis of the Bluetooth E0 Cipher using OBDD's

Welcome to the resource topic for 2006/072

Title:
Cryptanalysis of the Bluetooth E0 Cipher using OBDD’s

Authors: Yaniv Shaked, Avishai Wool

Abstract:

In this paper we analyze the E0 cipher, which is the cipher used
in the Bluetooth specifications. We adapted and optimized the Binary
Decision Diagram attack of Krause, for the specific details of
E0. Our method requires 128 known bits of the keystream in order
to recover the initial value of the four LFSR’s in the E0 system.
We describe several variants which we built to lower the complexity
of the attack. We evaluated our attack against the real
(non-reduced) E0 cipher. Our best attack can recover the initial
value of the four LFSR’s, for the first time, with a realistic space
complexity of 2^23 (84MB RAM), and with a time complexity of
2^87. This attack can be massively parallelized to
lower the overall time complexity. Beyond the
specifics of E0, our work describes practical experience with
BDD-based cryptanalysis, which so far has mostly been a theoretical
concept.

ePrint: https://eprint.iacr.org/2006/072

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .