<!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <link href="/css/dist/css/bootstrap.min.css" rel="stylesheet"> <title>Search results</title> <link rel="stylesheet" href="/css/eprint.css?v=10"> <style> input { background-color: #e8e8e8 !important; } mark { font-weight: 600; padding: .2em 0px .2em 0px; color: black; } span.term { font-weight: 700 !important; font-family: var(--bs-font-monospace), monospace !important; } form { background-color:#fff; } @media (min-width: 768px) { form { position:sticky;top:6rem; } } </style> <meta name="description" content="Search the Cryptology ePrint Archive"> </head> <body> <noscript> <h1 class="text-center">What a lovely hat</h1> <h4 class="text-center">Is it made out of <a href="https://iacr.org/tinfoil.html">tin foil</a>?</h4> </noscript> <div class="fixed-top" id="topNavbar"> <nav class="navbar navbar-custom navbar-expand-lg"> <div class="container px-0 justify-content-between justify-content-lg-evenly"> <div class="order-0 align-items-center d-flex"> <button class="navbar-toggler btnNoOutline" type="button" data-bs-toggle="collapse" data-bs-target="#navbarContent" aria-controls="navbarContent" aria-expanded="false"> <span class="icon-bar top-bar"></span> <span class="icon-bar middle-bar"></span> <span class="icon-bar bottom-bar"></span> </button> <a class="d-none me-5 d-lg-inline" href="https://iacr.org/"><img class="iacrlogo" src="/img/iacrlogo_small.png" alt="IACR Logo" style="max-width:6rem;"></a> </div> <a class="ePrintname order-1" href="/"> <span class="longNavName">Cryptology ePrint Archive</span> </a> <div class="collapse navbar-collapse order-3" id="navbarContent"> <ul class="navbar-nav me-auto ms-2 mb-2 mb-lg-0 justify-content-end w-100"> <li class="ps-md-3 nav-item dropdown"> <a class="nav-link dropdown-toggle" href="#" id="navbarDropdown" role="button" data-bs-toggle="dropdown" aria-expanded="false"> Papers </a> <ul class="dropdown-menu me-3" aria-labelledby="navbarDropdown"> <span class="text-dark mx-3" style="white-space:nowrap;">Updates from the last:</span> <li><a class="dropdown-item ps-custom" href="/days/7">7 days</a></li> <li><a class="dropdown-item ps-custom" href="/days/31">31 days</a></li> <li><a class="dropdown-item ps-custom" href="/days/183">6 months</a></li> <li><a class="dropdown-item ps-custom" href="/days/365">365 days</a></li> <li><hr class="dropdown-divider"></li> <li><a class="dropdown-item" href="/byyear">Listing by year</a></li> <li><a class="dropdown-item" href="/complete">All papers</a></li> <li><a class="dropdown-item" href="/complete/compact">Compact view</a></li> <li><a class="dropdown-item" href="https://www.iacr.org/news/subscribe">Subscribe</a></li> <li><hr class="dropdown-divider"></li> <li><a class="dropdown-item" href="/citation.html">How to cite</a></li> <li><hr class="dropdown-divider"></li> <li><a class="dropdown-item" href="/rss">Harvesting metadata</a></li> </ul> </li> <li class="ps-md-3 nav-item dropdown"> <a class="nav-link dropdown-toggle" href="#" id="submissionsDropdown" role="button" data-bs-toggle="dropdown" aria-expanded="false"> Submissions </a> <ul class="dropdown-menu me-3" aria-labelledby="submissionsDropdown"> <li><a class="dropdown-item" href="/submit">Submit a paper</a></li> <li><a class="dropdown-item" href="/revise">Revise or withdraw a paper</a></li> <li><a class="dropdown-item" href="/operations.html">Acceptance and publishing conditions</a></li> </ul> </li> <li class="ps-md-3 nav-item dropdown"> <a class="nav-link dropdown-toggle" href="#" id="aboutDropdown" role="button" data-bs-toggle="dropdown" aria-expanded="false"> About </a> <ul class="dropdown-menu me-3" aria-labelledby="aboutDropdown"> <li><a class="dropdown-item" href="/about.html">Goals and history</a></li> <li><a class="dropdown-item" href="/news.html">News</a></li> <li><a class="dropdown-item" href="/stats">Statistics</a></li> <li><a class="dropdown-item" href="/contact.html">Contact</a></li> </ul> </li> </ul> </div> <div class="dropdown ps-md-2 text-right order-2 order-lg-last"> <button class="btn btnNoOutline" type="button" id="dropdownMenuButton1" data-bs-toggle="dropdown" aria-expanded="false"> <img src="/img/search.svg" class="searchIcon" alt="Search Button"/> </button> <div id="searchDd" class="dropdown-menu dropdown-menu-end p-0" aria-labelledby="dropdownMenuButton1"> <form action="/search" method="GET"> <div class="input-group"> <input id="searchbox" name="q" type="search" class="form-control" autocomplete="off"> <button class="btn btn-secondary border input-group-append ml-2"> Search </button> </div> </form> <div class="ms-2 p-1 d-none"><a href="/search">Advanced search</a></div> </div> </div> </div> </nav> </div> <main id="eprintContent" class="container px-3 py-4 p-md-4"> <div class="row"> <div class="col-12 col-lg-4"> <form class="p-2 pt-md-4 align-items-end needs-validation" novalidate onsubmit="return validateForm()" method="GET" action="/search"> <label for="anything" class="mt-2 form-label">Match anything</label> <input type="text" name="q" class="form-control form-control-sm" id="anything" aria-label="Match anything" value="E0"> <label for="title" class="mt-4 form-label">Match title</label> <input type="text" name="title" class="form-control form-control-sm" id="title" aria-label="Match title" value=""> <label for="authors" class="mt-4 form-label">Match authors</label> <input type="text" name="authors" class="form-control form-control-sm" id="authors" aria-label="Match authors" value=""> <label for="category" class="mt-4 form-label">Category</label><br> <select class="form-select form-select-sm" id="category" name="category" aria-label="Category"> <option value="">All categories</option> <option value="APPLICATIONS" >Applications</option> <option value="PROTOCOLS" >Cryptographic protocols</option> <option value="FOUNDATIONS" >Foundations</option> <option value="IMPLEMENTATION" >Implementation</option> <option value="SECRETKEY" >Secret-key cryptography</option> <option value="PUBLICKEY" >Public-key cryptography</option> <option value="ATTACKS" >Attacks and cryptanalysis</option> </select> <div class="row d-none d-lg-flex"> <div class="col-6"> <label for="submittedafter" class="mt-4 form-label">Submitted after</label><br> <input class="form-control form-control-sm" type="number" min="1996" id="submittedafter" name="submittedafter" aria-label="Submitted after" value="None" placeholder="Enter a year"> </div> <div class="col-6"> <label for="submittedbefore" class="mt-4 form-label">Submitted before</label><br> <input class="form-control form-control-sm" type="number" min="1996" id="submittedbefore" name="submittedbefore" aria-label="Submitted before" value="None" placeholder="Enter a year"> <div class="invalid-feedback"> Dates are inconsistent </div> </div> </div> <div class="row d-none d-lg-flex"> <div class="col-6"> <label for="revisedafter" class="mt-4 form-label">Revised after</label><br> <input class="form-control form-control-sm" type="number" min="1996" id="revisedafter" name="revisedafter" aria-label="Revised after" placeholder="Enter a year" value="None"> <div class="invalid-feedback"> Dates are inconsistent </div> </div> <div class="col-6"> <label for="revisedbefore" class="mt-4 form-label">Revised before</label><br> <input class="form-control form-control-sm" type="number" min="1996" id="revisedbefore" name="revisedbefore" aria-label="Revised before" value="None" placeholder="Enter a year"> </div> </div> <div class="d-none d-lg-flex mt-3"> <div class="form-check"> <input type="checkbox" id="relevance" name="relevance" > <label for="relevance" class="form-check-label ms-2">Sort by relevance</label> </div> </div> <div class="mt-3 d-flex"> <button class="btn btn-primary btn-sm" type="submit">Search</button> <button id="clearButton" class="btn btn-secondary btn-sm ms-2" type="button">Clear</button> <button id="helpButton" class="btn btn-info btn-sm ms-auto" type="button" data-bs-toggle="modal" data-bs-target="#helpModal">Help</button> </div> </form> <div class="modal" tabindex="-1" id="helpModal"> <div class="modal-dialog modal-lg"> <div class="modal-content"> <div class="modal-header"> <h4 class="modal-title">Search Help</h4> <button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close"></button> </div> <div class="modal-body"> <p> You can search for a phrase by enclosing it in double quotes, e.g., <span class="term text-nowrap"><a href="/search?q=%22differential%20privacy%22">"differential privacy"</a></span>. </p> <p> You can require or exclude specific terms using + and -. For example, to search for papers that contain the term elliptic but not the term factoring, use <span class="term text-nowrap"><a href="/search?q=%2Belliptic%20-factoring">+elliptic -factoring</a></span> </p> <p> To search in a title or for author name, use <span class="term text-nowrap"><a href="/search?q=title%3Aisogeny%20author%3Aboneh">title:isogeny author:boneh</a></span>. If you want to require both, you can use <span class="term text-nowrap"><a href="/search?q=title%3Aisogeny%20AND%20author%3Aboneh">title:isogeny AND author:boneh</a></span> because it recognizes logical operators <span class="term">AND</span> and <span class="term">OR</span>. This is equivalent to <a href="/search?title=isogeny&authors=boneh">using the individual fields</a> for author and title. You can also use NOT to negate a condition, as with <span class="term text-nowrap"><a href="/search?q=title%3Aisogeny%20AND%20NOT%20author%3Aboneh">title:isogeny AND NOT author:boneh</a></span> to search for papers with an author other than Boneh. </p> <p> To find documents containing a term starting with the string <span class="term">differe</span>, use <span class="term"><a href="/search?q=differe%2A">differe*</a></span>. This will match the terms difference, different, and differential </p> <p> Note that search applies stemming, so that if you search for <span class="term">yield</span> it will also match terms <span class="term">yields</span> and <span class="term">yielding</span>. If you want to disable stemming, capitalize the term. A search for <span class="term">Adam</span> will not match the term 'Adams'. </p> <p> The system attempts to recognize possible misspellings. This is perhaps a source of amusement more than anything else. </p> <p> This currently searches the text in titles, authors, abstracts, and keywords, but does not search in the PDF or PS itself. </p> </div> <div class="modal-footer"> <button type="button" class="btn btn-secondary" data-bs-dismiss="modal">Close</button> </div> </div> </div> </div> <!-- Parsed query: Query((e0@1 AND_MAYBE PostingSource(Xapian::ValueWeightPostingSource(slot=2)))) --> </div> <div class="col-12 col-lg-8" style="min-height:80vh"> <h4 class="mt-3 ms-4">9 results sorted by ID</h5> <div class="alert alert-info ms-lg-4">Possible spell-corrected query: <a href="/search?q=e_0">e_0</a></div> <div class="ms-lg-4 mt-3 results"> <div class="mb-4"> <div class="d-flex"><a title="2025/466" class="paperlink" href="/2025/466">2025/466</a> <span class="ms-2"><a href="/2025/466.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2025-03-12</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Algebraic Cryptanalysis of Small-Scale Variants of Stream Cipher E0</strong> <div class="mt-1"><span class="fst-italic">Jan Dolejš, Martin Jureček</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-ATTACKS">Attacks and cryptanalysis</small> </div> </div> <p class="mb-0 mt-1 search-abstract">This study explores the algebraic cryptanalysis of small-scale variants of the E0 stream cipher, a legacy cipher used in the Bluetooth protocol. By systematically reducing the size of the linear feedback shift registers (LFSRs) while preserving the cipher’s core structure, we investigate the relationship between the number of unknowns and the number of consecutive keystream bits required to recover the internal states of the LFSRs. Our work demonstrates an approximately linear relationship...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2022/1479" class="paperlink" href="/2022/1479">2022/1479</a> <span class="ms-2"><a href="/2022/1479.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2023-07-31</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>A Note on Constructing SIDH-PoK-based Signatures after Castryck-Decru Attack</strong> <div class="mt-1"><span class="fst-italic">Jesús-Javier Chi-Domínguez</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PUBLICKEY">Public-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">In spite of the wave of devastating attacks on SIDH, started by Castryck-Decru (Eurocrypt 2023), there is still interest in constructing quantum secure SIDH Proofs of Knowledge (PoKs). For instance, SIDH PoKs for the Fixed Degree Relation, aim to prove the knowledge of a fixed degree d isogeny ω between the elliptic curve E0 and the public keys E1, E2. In such cases, the public keys consist of only the elliptic curves (without image of auxiliary points), which suggests that the Castryck-...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2022/016" class="paperlink" href="/2022/016">2022/016</a> <span class="ms-2"><a href="/2022/016.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2022-08-08</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>An algebraic attack to the Bluetooth stream cipher E0</strong> <div class="mt-1"><span class="fst-italic">Roberto La Scala, Sergio Polese, Sharwan K. Tiwari, Andrea Visconti</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-SECRETKEY">Secret-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">In this paper we study the security of the Bluetooth stream cipher E0 from the viewpoint it is a “difference stream cipher”, that is, it is defined by a system of explicit difference equations over the finite field GF(2). This approach highlights some issues of the Bluetooth encryption such as the invertibility of its state transition map, a special set of 14 bits of its 132-bit state which when guessed implies linear equations among the other bits and finally a small number of spurious...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2015/757" class="paperlink" href="/2015/757">2015/757</a> <span class="ms-2"><a href="/2015/757.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2015-07-30</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Stream Cipher Operation Modes with Improved Security against Generic Collision Attacks</strong> <div class="mt-1"><span class="fst-italic">Matthias Hamann, Matthias Krause</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-SECRETKEY">Secret-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Most stream ciphers used in practice are vulnerable against generic collision attacks, which allow to compute the secret initial state on the basis of O(2^{n/2}) keystream bits in time and space O(2^{n/2}), where n denotes the inner state length of the underlying keystream generator. This implies the well-known rule that for reaching n-bit security, the inner state length should be at least 2n. Corresponding to this, the inner state length of recent proposals for practically used stream...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2010/129" class="paperlink" href="/2010/129">2010/129</a> <span class="ms-2"><a href="/2010/129.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2010-03-08</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Relation for Algebraic Attack on E0 combiner</strong> <div class="mt-1"><span class="fst-italic">N. Rajesh Pillai, S. S. Bedi, Sanjay Kumar, Roopika Chaudhary</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-SECRETKEY">Secret-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">The low degree relation for algebraic attacks on E0 combiner given in \cite{DBLP:conf/crypto/ArmknechtK03} had an error. The correct version of low degree relation for the E0 combiner for use in algebraic attack is given.</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2006/303" class="paperlink" href="/2006/303">2006/303</a> <span class="ms-2"><a href="/2006/303.ps">(PS)</a></span> <small class="ms-auto">Last updated: 2007-04-29</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Zero-knowledge-like Proof of Cryptanalysis of Bluetooth Encryption</strong> <div class="mt-1"><span class="fst-italic">Eric Filiol</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-SECRETKEY">Secret-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">This paper presents a protocol aiming at proving that an encryption system contains structural weaknesses without disclosing any information on those weaknesses. A verifier can check in a polynomial time that a given property of the cipher system output has been effectively realized. This property has been chosen by the prover in such a way that it cannot been achieved by known attacks or exhaustive search but only if the prover indeed knows some unknown weaknesses that may effectively...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2006/072" class="paperlink" href="/2006/072">2006/072</a> <span class="ms-2"><a href="/2006/072.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2006-03-27</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Cryptanalysis of the Bluetooth E0 Cipher using OBDD&#39;s</strong> <div class="mt-1"><span class="fst-italic">Yaniv Shaked, Avishai Wool</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-SECRETKEY">Secret-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">In this paper we analyze the E0 cipher, which is the cipher used in the Bluetooth specifications. We adapted and optimized the Binary Decision Diagram attack of Krause, for the specific details of E0. Our method requires 128 known bits of the keystream in order to recover the initial value of the four LFSR&#39;s in the E0 system. We describe several variants which we built to lower the complexity of the attack. We evaluated our attack against the real (non-reduced) E0 cipher. Our best attack can...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2003/125" class="paperlink" href="/2003/125">2003/125</a> <span class="ms-2"><a href="/2003/125.pdf">(PDF)</a></span> <span class="ms-2"><a href="/2003/125.ps">(PS)</a></span> <small class="ms-auto">Last updated: 2004-10-18</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Algebraic Attacks on Combiners with Memory and Several Outputs</strong> <div class="mt-1"><span class="fst-italic">Nicolas T. Courtois</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-SECRETKEY">Secret-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Algebraic attacks on stream ciphers proposed by Courtois et al. recover the key by solving an overdefined system of multivariate equations. Such attacks can break several interesting cases of LFSR-based stream ciphers, when the output is obtained by a Boolean function. As suggested independently by Courtois and Armknecht, this approach can be successfully extended also to combiners with memory, provided the number of memory bits is small. At Crypto 2003, Krause and Armknecht show that, for...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2002/068" class="paperlink" href="/2002/068">2002/068</a> <span class="ms-2"><a href="/2002/068.ps">(PS)</a></span> <small class="ms-auto">Last updated: 2002-06-03</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Improved key recovery of level 1 of the Bluetooth Encryption System</strong> <div class="mt-1"><span class="fst-italic">Scott Fluhrer</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-SECRETKEY">Secret-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">The encryption system \(E_{0}\), which is the encryption system used in the Bluetooth specification, is a two level system where a key and a packet nonce is given to a level 1 key stream generator, which produces the key for a level 2 key stream generator, whose output is used to encrypt. We give a method for recovering the key for the level 1 key stream generator given the internal keys for two or three level 2 key stream generators. This method, combined with published methods for...</p> </div> </div> </div> </div> </div> <script> document.getElementById('clearButton').addEventListener('click', function(ev) { document.querySelectorAll('input').forEach(el => { el.value = ''; }); document.getElementById('category').selectedIndex = "0"; }); function validateForm() { // check that dates are compatible. let submittedAfter = document.getElementById('submittedafter'); let submittedBefore = document.getElementById('submittedbefore'); let revisedAfter = document.getElementById('revisedafter'); let revisedBefore = document.getElementById('revisedbefore'); if (submittedAfter.value && submittedBefore.value && submittedAfter.value > submittedBefore.value) { submittedAfter.classList.add('is-invalid'); submittedBefore.classList.add('is-invalid'); return false; } if (revisedAfter.value && revisedBefore.value && revisedAfter.value > revisedBefore.value) { revisedAfter.classList.add('is-invalid'); revisedBefore.classList.add('is-invalid'); return false; } if (revisedBefore.value && submittedAfter.value && revisedBefore.value < submittedAfter.value) { revisedBefore.classList.add('is-invalid'); submittedAfter.classList.add('is-invalid'); return false; } return true; } </script> <script src="/js/mark.min.js"></script> <script> var instance = new Mark("div.results"); let urlParams = new URLSearchParams(window.location.search); if (urlParams.get('q')) { instance.mark(urlParams.get('q')); } if (urlParams.get('title')) { instance.mark(urlParams.get('title')); } if (urlParams.get('authors')) { instance.mark(urlParams.get('authors')); } </script> <!-- --> </main> <div class="container-fluid mt-auto" id="eprintFooter"> <a href="https://iacr.org/"> <img id="iacrlogo" src="/img/iacrlogo_small.png" class="img-fluid d-block mx-auto" alt="IACR Logo"> </a> <div class="colorDiv"></div> <div class="alert alert-success w-75 mx-auto"> Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content. </div> </div> <script src="/css/bootstrap/js/bootstrap.bundle.min.js"></script> <script> var topNavbar = document.getElementById('topNavbar'); if (topNavbar) { document.addEventListener('scroll', function(e) { if (window.scrollY > 100) { topNavbar.classList.add('scrolled'); } else { topNavbar.classList.remove('scrolled'); } }) } </script> </body> </html>