Generic Attack on Duplex-Based AEAD Modes Using Random Function Statistics

Duplex-based authenticated encryption modes with a sufficiently large key length are proven to be secure up the birthday bound $$2^{\frac{c}{2}}$$ , where c is capacity. However this not known tight and complexity of best generic attack, which based on multicollisions, much larger: it reaches $$\frac{2^c}{\alpha }$$ $$\alpha $$ represents small security loss factor. There thus an uncertainty true extent beyond provided by such constructions. In paper, we describe new attack against several duplex-based AEAD modes. Our leverages random functions statistics produces forgery in time $$\mathcal {O}(2^{\frac{3c}{4}})$$ using negligible memory no queries. Furthermore, for some modes, our recovers secret amount additional computations. Most notably, breaks claim made designers NIST lightweight competition candidate Xoodyak. This step further towards determining exact