Skip to Main Content
In this paper we analyze the E₀ cipher, which is the encryption system used in the Bluetooth specification. We suggest a uniform framework for cryptanalysis of the E₀ cipher. Our method requires 128 known bits of the keystream in order to recover the initial state of the LFSRs, which reflects the secret key of this encryption engine. In one setting, our framework reduces to an attack of D. Bleichenbacher. In another setting, our framework is equivalent to an attack presented by Fluhrer and Lucks. Our best attack can recover the initial state of the LFSRs after solving 2⁸⁶ boolean linear systems of equations, which is roughly equivalent to the results obtained by Fluhrer and Lucks.
Date of Conference: 05-09 Sept. 2005