Conference paper
Cryptanalysis of Tav-128 hash function
Many RFID protocols use cryptographic hash functions for their security. The resource constrained nature of RFID systems forces the use of light weight cryptographic algorithms. Tav-128 is one such 128-bit light weight hash function proposed by Peris-Lopez et al. for a low-cost RFID tag authentication protocol.
Apart from some statistical tests for randomness by the designers themselves, Tav-128 has not undergone any other thorough security analysis. Based on these tests, the designers claimed that Tav-128 does not posses any trivial weaknesses. In this article, we carry out the first third party security analysis of Tav-128 and show that this hash function is neither collision resistant nor second preimage resistant.
Firstly, we show a practical collision attack on Tav-128 having a complexity of 237 calls to the compression function and produce message pairs of arbitrary length which produce the same hash value under this hash function. We then show a second preimage attack on Tav-128 which succeeds with a complexity of 262 calls to the compression function.
Finally, we study the constituent functions of Tav-128 and show that the concatenation of nonlinear functions A and B produces a 64-bit permutation from 32-bit messages. This could be a useful light weight primitive for future RFID protocols.
Language: | English |
---|---|
Publisher: | Springer |
Year: | 2010 |
Pages: | 118-130 |
Proceedings: | 11th International Conference on Cryptology in India |
Series: | Lecture Notes in Computer Science |
Journal subtitle: | 11th International Conference on Cryptology in India |
ISBN: | 1280390549 , 3642174000 , 3642174019 , 9781280390548 , 9783642174001 and 9783642174018 |
ISSN: | 03029743 |
Types: | Conference paper |
DOI: | 10.1007/978-3-642-17401-8_10 |