Real-time state recovery attack against MORUS in nonce-misuse setting
Authors
Abstract
Similar sources
EHE: nonce misuse-resistant message authentication
We propose a nonce misuse-resistant message authentication scheme called EHE (Encrypt-Hash-Encrypt). In EHE, a message-dependent polynomial is evaluated at the point which is an encrypted nonce. The resulting polynomial hash value is encrypted again and becomes an authentication tag. We prove the prf-security of the EHE scheme and extend it to two authenticated encryption modes which follow the...
Trivial Nonce-Misusing Attack on Pure OMD
Pure OMD is an authenticated encryption mode that will be presented by Reyhanitabar et al. at FSE 2015. It is (among others) claimed to achieve authenticity against nonce-misusing adversaries. We show that this claim is incorrect, by presenting an adversary that makes 3 queries (including the forgery) of a total complexity 6.
Security Proof of JAMBU under Nonce Respecting and Nonce Misuse Cases
JAMBU is an AEAD mode of operation which entered the third round of CAESAR competition. However, it does not have a security proof like other modes of operation do, and there was a cryptanalysis result that has overthrown the security claim under nonce misuse case by the designers. In this paper, we complement the shortage of the scheme by giving security proofs of JAMBU both under nonce respec...
EWCDM: An Efficient, Beyond-Birthday Secure, Nonce-Misuse Resistant MAC
We propose a nonce-based MAC construction called EWCDM (Encrypted Wegman-Carter with Davies-Meyer), based on an almost xor-universal hash function and a block cipher, with the following properties: (i) it is simple and efficient, requiring only two calls to the block cipher, one of which can be carried out in parallel to the hash function computation; (ii) it is provably secure beyond the birthd...
Differential-Linear Cryptanalysis of ICEPOLE
ICEPOLE is a CAESAR candidate with the intermediate level of robustness under nonce misuse circumstances in the original document. In particular, it was claimed that key recovery attack against ICEPOLE is impossible in the case of nonce misuse. ICEPOLE is strong against the differential cryptanalysis and linear cryptanalysis. In this paper, we developed the differential-linear attacks against I...
Journal
Journal title: Science China Information Sciences
Year: 2019
ISSN: 1674-733X, 1869-1919
DOI: 10.1007/s11432-017-9457-x