
Generic Attack on Duplex-Based AEAD Modes Using Random Function Statistics

  • Additional Information
    • Contributors:
      Laboratoire de Mathématiques de Versailles (LMV); Université de Versailles Saint-Quentin-en-Yvelines (UVSQ)-Université Paris-Saclay-Centre National de la Recherche Scientifique (CNRS); Agence nationale de la sécurité des systèmes d'information (ANSSI)
    • Publication Information:
      HAL CCSD
    • Publication Date:
      2023
    • Collection:
      Université de Versailles Saint-Quentin-en-Yvelines: HAL-UVSQ
    • Abstract:
      Duplex-based authenticated encryption modes with a sufficiently large key length are proven to be secure up to the birthday bound $2^{c/2}$, where $c$ is the capacity. However, this bound is not known to be tight, and the complexity of the best known generic attack, which is based on multicollisions, is much larger: it reaches $2^{c}/\alpha$, where $\alpha$ represents a small security loss factor. There is thus an uncertainty about the true extent of security beyond the bound $2^{c/2}$ provided by such constructions. In this paper, we describe a new generic attack against several duplex-based AEAD modes. Our attack leverages random function statistics and produces a forgery in time complexity $O(2^{3c/4})$ using negligible memory and no encryption queries. Furthermore, for some duplex-based modes, our attack recovers the secret key with a negligible amount of additional computation. Most notably, our attack breaks a security claim made by the designers of the NIST lightweight competition candidate Xoodyak. This attack is a step further towards determining the exact security provided by duplex-based constructions.
    • Relation:
      hal-04268883; https://hal.science/hal-04268883; https://hal.science/hal-04268883/document; https://hal.science/hal-04268883/file/2023-262.pdf
    • DOI:
      10.1007/978-3-031-30634-1_12
    • Online Access:
      https://doi.org/10.1007/978-3-031-30634-1_12
      https://hal.science/hal-04268883
      https://hal.science/hal-04268883/document
      https://hal.science/hal-04268883/file/2023-262.pdf
    • Rights:
      info:eu-repo/semantics/OpenAccess
    • Accession Number:
      edsbas.9FC0DF5