Skip to Main Content
Hardware efficient encryption algorithms are necessary for applications like low cost Radio Frequency Identification (RFID) tags. In order to keep the cost as low as possible, the designers of lightweight algorithms are using simplified versions of well studied components. Unfortunately, in most cases this simplification leads to weak constructions. In this paper, we investigate one such case. Recently, a low hardware complexity binary additive stream cipher was proposed in the Computers & Security journal. This stream cipher is based on a simplified version of a family of universal hash functions. The new family is called Toeplitz hash. The Toeplitz hash functions can be very efficiently implemented on hardware and for that the proposed stream cipher is suitable for low cost applications. However, we demonstrate that the security of the cipher is much weaker than it was claimed. More precisely, we introduce a known-plaintext attack that can retrieve the secret key with very low computational complexity that requires only a few known keystream bits by taking advantage of the low cost.