A critical security flaw has been discovered in HALFLOOP-24, an encryption algorithm used by NATO and US military forces for high-frequency radio communications. Security researchers have demonstrated that the algorithm can be broken with just two hours of intercepted radio traffic, potentially exposing sensitive military communications.
HALFLOOP-24, introduced in 2017 as part of US military standards, was designed to protect automatic link establishment (ALE) protocols in high-frequency radio systems. These radio systems, operating between 3 and 30 MHz, are vital for long-distance military communications that don't require external infrastructure.
The vulnerability stems from a fundamental flaw in how HALFLOOP-24 handles encryption components called "tweaks." Using a technique known as differential cryptanalysis, attackers can bypass major portions of the encryption process and extract the secret key used to secure communications.
This flaw has two serious implications. First, it allows unauthorized parties to intercept and decode confidential ALE handshake messages. Second, it enables efficient denial-of-service attacks that could disrupt military communications.
HALFLOOP-24 was originally created as a scaled-down version of the Advanced Encryption Standard (AES), which remains one of the most widely used encryption algorithms. However, this modification process introduced weaknesses that compromised its security.
The discovery raises concerns about the security of military radio networks and highlights the challenges of adapting established encryption standards. Military organizations will likely need to reassess their communication security protocols in light of these findings.
This breakthrough follows earlier research into the SoDark cipher, a predecessor to HALFLOOP-24, suggesting a pattern of vulnerabilities in military radio encryption systems.