Practical attack on NLM-MAC scheme

Mohammad Ali Orumiehchiha, Josef Pieprzyk, Ron Steinfeld
2014 Information Processing Letters  
The NLM stream cipher designed by HoonJae Lee, SangMin Sung, and HyeongRag Kim is a strengthened version of the LM summation generator that combines linear and non-linear feedback shift registers. In recent works, the NLM cipher has been used for message authentication in lightweight communication over wireless sensor networks and for RFID authentication protocols. The work analyses the security of the NLM stream cipher and the NLM-MAC scheme that is built on top of the NLM cipher. We first ... that the NLM cipher suffers from two major weaknesses that lead to key recovery and forgery attacks. We prove the internal state of the NLM cipher can be recovered with time complexity about $n^{\log 7 \times 2}$, where the total length of the internal state is $2 \cdot n + 2$ bits. The attack needs about $n^2$ key-stream bits. We also show that an adversary is able to forge any MAC tag very efficiently by having only one pair (MAC tag, cipher-text). The proposed attacks are practical and break the scheme with a negligible error probability.
doi:10.1016/j.ipl.2014.04.010 fatcat:xz7s4baptjef3fbehjpsranvuq