We present a novel cryptanalysis of the Algebraic Eraser primitive. This key agreement scheme, based on techniques from permutation groups, matrix groups and braid groups, is proposed as an underlying technology for ISO/IEC 29167-20, which is intended for authentication of RFID tags. SecureRF, the company owning the trademark Algebraic Eraser, markets it as suitable in general for lightweight environments such as RFID tags and other IoT applications. Our attack is practical on standard hardware: for parameter sizes corresponding to claimed 128-bit security, our implementation recovers the shared key using less than 8 CPU hours, and less than 64MB of memory.
|Title of host publication||Advances in Cryptology - CRYPTO 2016|
|Subtitle of host publication||36th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 14-18, 2016, Proceedings, Part I|
|Editors||Matthew Robshaw, Jonathan Katz|
|Number of pages||11|
|Publication status||E-pub ahead of print - 21 Jul 2016|
|Name||Lecture Notes in Computer Science|
|Publisher||Springer Berlin Heidelberg|