@inproceedings{b6ffdf199cb54020b9722826016f014f,
title = "Cryptanalysis of the Bluetooth E0 cipher using OBDD's",
abstract = "In this paper we analyze the E0 cipher, which is the cipher used in the Bluetooth specifications. We adapted and optimized the Binary Decision Diagram attack of Krause, for the specific details of E0. Our method requires 128 known bits of the keystream in order to recover the initial value of the four LFSR's in the E0 system. We describe, several variants which we built to lower the complexity of the attack. We evaluated our attack against the real (non-reduced) E0 cipher. Our best attack can recover the initial value of the four LFSR's, for the first time, with a realistic space complexity of 223 (84MB RAM), and with a time complexity of 287. This attack can be massively parallelized to lower the overall time complexity. Beyond the specifics of E0, our work describes practical experience with BDD-based cryptanalysis, which so far has mostly been a theoretical concept.",
keywords = "BDD, Bluetooth, Cryptanalysis, Stream cipher",
author = "Yaniv Shaked and Avishai Wool",
year = "2006",
doi = "10.1007/11836810_14",
language = "אנגלית",
isbn = "3540383417",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer Verlag",
pages = "187--202",
booktitle = "Information Security - 9th International Conference, ISC 2006, Proceedings",
note = "9th International Information Security Conference, ISC 2006 ; Conference date: 30-08-2006 Through 02-09-2006",
}