International Association for Cryptologic Research

International Association
for Cryptologic Research

IACR News item: 06 May 2015

Philipp Jovanovic, Samuel Neves
ePrint Report ePrint Report
This paper analyses the cryptography used in the Open Smart Grid Protocol

(OSGP). The authenticated encryption (AE) scheme deployed by OSGP is a

non-standard composition of RC4 and a home-brewed MAC, the ``OMA digest\'\'.

We present several practical key-recovery attacks against the OMA digest. The

first and basic variant can achieve this with a mere $13$ queries to an OMA

digest oracle and negligible time complexity. A more sophisticated version

breaks the OMA digest with only $4$ queries and a time complexity of about

$2^{25}$ simple operations. A different approach only requires one arbitrary

valid plaintext-tag pair, and recovers the key in an average of $144$

\\emph{message verification} queries, or one ciphertext-tag pair and $168$

\\emph{ciphertext verification} queries.

Since the encryption key is derived from the key used by the OMA digest, our

attacks break both confidentiality and authenticity of OSGP.

Expand

Additional news items may be found on the IACR news page.