Crypto-1
Encyclopedia
Crypto-1 is a proprietary encryption
algorithm created by NXP Semiconductors specifically for Mifare
RFID tags, including Oyster card
, CharlieCard
and OV-chipkaart
.
Recent cryptographic research
has shown that, "the security of this cipher is ... close to zero".
Crypto-1 is a stream cipher
very similar in its structure to its successor, Hitag2. Crypto-1 consists of
It can operate as an NLFSR
and as an LFSR, depending on its input parameters. Outputs of one or both linear and nonlinear functions can be fed back into the cipher state or used as its output filters. The usual operation of Crypto-1 and Hitag2 ciphers uses nonlinear feedback only during the initialization/authentication stage, switching to operation as LFSR with a nonlinear output filter for encrypting the tag's communications in both directions.
Encryption
In cryptography, encryption is the process of transforming information using an algorithm to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information...
algorithm created by NXP Semiconductors specifically for Mifare
MIFARE
MIFARE is the NXP Semiconductors-owned trademark of a series of chips widely used in contactless smart cards and proximity cards. According to the producers, billions of smart card chips and many millions of reader modules have been sold...
RFID tags, including Oyster card
Oyster card
The Oyster card is a form of electronic ticketing used on public transport services within the Greater London area of the United Kingdom. It is promoted by Transport for London and is valid on a number of different travel systems across London including London Underground, buses, the Docklands...
, CharlieCard
CharlieCard
The CharlieCard is a MIFARE-based, contactless, stored value smart card used for electronic ticketing as part of the Automated Fare Collection system installed by the Massachusetts Bay Transportation Authority at its stations and on its vehicles...
and OV-chipkaart
OV-chipkaart
The OV-chipkaart is a contactless smart card system which is in the process of being introduced on all public transport in the Netherlands, including train, metro, tram and bus...
.
Recent cryptographic research
has shown that, "the security of this cipher is ... close to zero".
Crypto-1 is a stream cipher
Stream cipher
In cryptography, a stream cipher is a symmetric key cipher where plaintext digits are combined with a pseudorandom cipher digit stream . In a stream cipher the plaintext digits are encrypted one at a time, and the transformation of successive digits varies during the encryption...
very similar in its structure to its successor, Hitag2. Crypto-1 consists of
- one 48-bit feedback shift register for the main secret state of the cipher,
- a linear function,
- a two-layer 20-to-1 nonlinear function and
- a 16-bit LFSR which is used during the authentication phase (which also serves as the pseudo random number generator on some card implementations).
It can operate as an NLFSR
NLFSR
A NLFSR is a common component in modern stream ciphers, especially in RFID and smartcard applications. NLFSRs are known to be more resistant to cryptanalytic attacks than Linear Feedback Shift Registers , although construction of large NLFSRs with guaranteed long periods remains an open...
and as an LFSR, depending on its input parameters. Outputs of one or both linear and nonlinear functions can be fed back into the cipher state or used as its output filters. The usual operation of Crypto-1 and Hitag2 ciphers uses nonlinear feedback only during the initialization/authentication stage, switching to operation as LFSR with a nonlinear output filter for encrypting the tag's communications in both directions.
External links
- Radboud Universiteit Nijmegen press release PDF (in English)
- NXP MF1 IC S50 data sheet PDF
- Details of Mifare reverse engineering by Henryk Plötz PDF (in German)
- C model of Crypto1 and code illustrating the hack
- Software-optimized Crypto-1 model
- Windows GUI Crypto1 tool, optimized for use with the Proxmark3