A Related Key Attack on the Word-Oriented BeepBeep Stream Cipher

Abstract

The word-oriented BeepBeep stream cipher, developed by Driscoll in FSE 2002, is proposed to provide integrity and confidentiality for embedded systems. There has been no attack on BeepBeep published until now. By exploiting a weakness of the BeepBeep stream cipher during its initialization, this paper presents a key recovery attack on the BeepBeep stream cipher in the related key setting. The attack recovers the 192-bit secret key of BeepBeep with a time complexity of $2^{128}$, requiring two related keys, $2^{32}$ chosen IVs and $2^{33}$ keystream words. This is the first cryptanalytic attack on BeepBeep which is significantly better than the exhaustive key search. The result shows that the BeepBeep stream cipher is vulnerable against the related key attack and can not provide the 192-bit security.