 
Summary: Avoiding bias in cards cryptography
M.D. Atkinson
, H.P. van Ditmarsch
, and S. Roehling
April 8, 2008
1 Introduction
Public key cryptography bases its security on mathematical problems that are computation
ally hard to solve, such as the discrete logarithm problem or factoring the product of two large
primes. Advances in technology and new discoveries in mathematics make it more feasible to
solve these problems, i.e. it becomes more feasible to break the encryption.
An example of the former is the furore in the Netherlands early 2008 over the breaking
of the code of the OVchipcard, a smartcard to be introduced in public transport, such as
already in use in London and Hongkong. This is a Mifare Classic card, and its security is based
on the secrecy of the CRYPT01 algorithm. This algorithm was reconstructed by Nijmegen
University students, after which a brute force attack was effective because the keys used were
only 48 bits long. When the Dutch public transport companies decided to develop this card
48 bit keys were deemed secure, but today 96 bits is considered the minimum. The Nijmegen
students only needed 9 hours on advanced equipment to try out all 48 bit keys. (See http://
www.ru.nl/ds/group/press_release/ and http://www.smartcard.co.uk/mifare.html.)
An example of the latter is that Agrawal et al. (2004) show that to determine whether a
