Details:
Title: Practical algebraic attacks on the Hitag2 stream cipher.
Author(s): Nicolas T. Courtois, Sean O'Neil, Jean-Jacques Quisquater
Type: Book, Chapter in Book, Conference Proceeding
Abstract: Hitag2 is a stream cipher that is widely used in RFID car locks in the automobile industry. It can be seen as a (much) more secure version of the [in]famous Crypto-1 cipher that is used in MiFare Classic RFID products [14,20,15]. Recently, a specification of Hitag2 was circulated on the Internet [29]. Is this cipher secure w.r.t. the recent algebraic attacks [8,17,1,25] that allowed to break with success several LFSR-based stream ciphers? After running some computer simulations we saw that the Algebraic Immunity [25] is at least 4 and we see no hope to get a very efficient attack of this type.

However, there are other algebraic attacks that rely on experimentation but nevertheless work. For example Faugère and Ars have discovered that many simple stream ciphers can be broken experimentally with Gröbner bases, given an extremely small quantity of keystream, see [17]. Similarly reduced-round versions of DES [9] and KeeLoq [11,12] were broken using SAT solvers, that actually seem to outperform Gröbner basis techniques. Thus, we have implemented a generic experimental algebraic attack with conversion and SAT solvers, [10,9]. As a result we are able to break Hitag2 quite easily, the full key can be recovered in a few hours on a PC. In addition, given the specific protocol in which Hitag2 cipher is used in cars, some of our attacks are practical.
Keywords: RFID tags, Hitag 2 algorithm, MiFare Crypto1 cipher
ISBN: 9783642044731/pbk
URL: link.springer.com/chapter/10.1007%2F9783642044748_14
Language: English
Pages: 167-176
Publisher: Berlin: Springer
Year: 2009
Edition: 0
Translation: No
Refereed: No
