Universal Forgery and Key Recovery Attacks: Application to FKS, FKD and Keyak
نویسندگان
چکیده
In this paper, we provide a security analysis of the FullState Keyed Sponge (FKS), Full-State Keyed Duplex (FKD) and Keyak, one of the third-round CAESAR candidates, in the classic setting and the quantum model, respectively. In the classic setting, we present an universal forgery attack that can be implemented in O(2) queries, where c is the capacity. In the quantum model, by utilizing the Simon’s algorithm, we propose an efficient universal forgery attack to FKS, FKD and Keyak with complexity of O(c). Moreover, we also propose an efficient key recovery attack that can be implemented in O(c). Such attacks show that FKS, FKD and Keyak is completely broken in the quantum model.
منابع مشابه
Universal Forgery and Key Recovery Attacks on ELmD Authenticated Encryption Algorithm
In this paper, we provide a security analysis of ELmD: a block cipher based Encrypt-Linear-mix-Decrypt authentication mode. As being one of the second-round CAESAR candidate, it is claimed to provide misuse resistant against forgeries and security against blockwise adaptive adversaries as well as 128-bit security against key recovery attacks. We scrutinize ElmD in such a way that we provide uni...
متن کاملTwisted Polynomials and Forgery Attacks on GCM
Polynomial hashing as an instantiation of universal hashing is a widely employed method for the construction of MACs and authenticated encryption (AE) schemes, the ubiquitous GCM being a prominent example. It is also used in recent AE proposals within the CAESAR competition which aim at providing nonce misuse resistance, such as POET. The algebraic structure of polynomial hashing has given rise...
متن کاملCube Attacks and Cube-Attack-Like Cryptanalysis on the Round-Reduced Keccak Sponge Function
In this paper, we comprehensively study the resistance of keyed variants of SHA-3 (Keccak) against algebraic attacks. This analysis covers a wide range of key recovery, MAC forgery and other types of attacks, breaking up to 9 rounds (out of the full 24) of the Keccak internal permutation much faster than exhaustive search. Moreover, some of our attacks on the 6-round Keccak are completely pract...
متن کاملKey-Recovery Attacks on Universal Hash Function Based MAC Algorithms
This paper discusses key recovery and universal forgery attacks on several MAC algorithms based on universal hash functions. The attacks use a substantial number of verification queries but eventually allow for universal forgeries instead of existential or multiple forgeries. This means that the security of the algorithms completely collapses once a few forgeries are found. Some of these attack...
متن کاملConditional Cube Attack on Reduced-Round Keccak Sponge Function
Since Keccak was selected as SHA-3 hash function by NIST, it has attracted considerable attention from cryptographic researchers. Keccak sponge function [1] has also been used to design message authentication codes (MAC) and authenticated encryption (AE) scheme Keyak. Till now, the most efficient key recovery attacks on Keccak-MAC and Keyak are cube attacks and cube-attack-like cryptanalysis pr...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2017 شماره
صفحات -
تاریخ انتشار 2017