Ciphertext Forgery on HANUMAN
نویسنده
چکیده
HANUMAN is a mode of operation of a keyless cryptographic permutation for nonce-based authenticated encryption with associated data, included among the modes bundled in the PRIMATEs candidate in the currently ongoing CAESAR competition. HANUMAN is a sponge-like mode whose design and security argument are inspired by the SpongeWrap construction. We identify a flaw in the domain separation of HANUMAN, and show how to exploit it to efficiently produce ciphertext forgeries.
منابع مشابه
Practical Forgeries and Distinguishers against PAES
We present two practical attacks on the CAESAR candidate PAES. The rst attack is a universal forgery for any plaintext with at least 240 bytes. It works for the nonce-repeating variant of PAES and in a nutshell it is a state recovery based on solving di erential equations for the S-Box leaked through the ciphertext that arise when the plaintext has a certain di erence. We show that to produce t...
متن کاملForgery of Provable Secure Short Signcryption Scheme
In this paper, we analyse Ma signcryption scheme [4] proposed in Inscrypt’2006. Although Ma signcryption scheme [4] is probably secure against adaptive chosen ciphertext attacks and forgery, we show that Ma signcryption scheme is easily forgeable by the receiver and the receiver can impersonate the sender to forge any valid signcryption to any receiver. key words: cryptography, signcryption
متن کاملConvertible Authenticated Encryption Scheme with Hierarchical Access Control
Convertible authenticated encryption (CAE) scheme with hierarchical access control has crucial benefits to the transmission of digital evidence. Such a scheme allows a judicial policeman to generate an authenticated ciphertext and only a designated investigator of Investigation of Bureau, Ministry of Justice (MJIB) has the ability to decrypt the ciphertext and verify the corresponding signature...
متن کاملForgery Attack to an Asymptotically Optimal Traitor Tracing Scheme
In this paper, we present a forgery attack to a black-box traitor tracing scheme [2] called as CPP scheme. CPP scheme has efficient transmission rate and allows the tracer to identify a traitor with just one invalid ciphertext. Since the original CPP scheme is vulnerable to the multi-key attack, we improved CPP to thwart the attack. However, CPP is vulnerable to a fatal forgery attack. In the f...
متن کاملA practical forgery and state recovery attack on the authenticated cipher PANDA-s
PANDA is a family of authenticated ciphers submitted to CARSAR, which consists of two ciphers: PANDA-s and PANDA-b. In this work we present a state recovery attack against PANDA-s with time complexity about 2 under the known-plaintext-attack model, which needs 137 pairs of known plaintext/ciphertext and about 2GB memories. Our attack is practical in a small workstation. Based on the above attac...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2016 شماره
صفحات -
تاریخ انتشار 2016