Related-Key Forgeries for Prøst-OTR

Authors

  • Christoph Dobraunig
  • Maria Eichlseder
  • Florian Mendel
Abstract

We present a forgery attack on Prøst-OTR in a related-key setting. Prøst is a family of authenticated encryption algorithms proposed as candidates in the currently ongoing CAESAR competition, and Prøst-OTR is one of the three variants of the Prøst design. The attack exploits how the Prøst permutation is used in an Even-Mansour construction in the Feistel-based OTR mode of operation. Given the ciphertext and tag for any two messages under two related keys K and K ⊕ ∆ with related nonces, we can forge the ciphertext and tag for a modified message under K. If we can query ciphertexts for chosen messages under K ⊕ ∆, we can achieve almost universal forgery for K. The computational complexity is negligible.


Similar resources

From Related-Key Distinguishers to Related-Key-Recovery on Even-Mansour Constructions

We show that a distinguishing attack in the related key model on an Even-Mansour block cipher can readily be converted into an extremely efficient key recovery attack. Concerned ciphers include in particular all iterated Even-Mansour schemes with independent keys. We apply this observation to the Caesar candidate Prøst-OTR and are able to recover the whole key with a number of requests linear in...


Key-Recovery Attacks on Universal Hash Function Based MAC Algorithms

This paper discusses key recovery and universal forgery attacks on several MAC algorithms based on universal hash functions. The attacks use a substantial number of verification queries but eventually allow for universal forgeries instead of existential or multiple forgeries. This means that the security of the algorithms completely collapses once a few forgeries are found. Some of these attack...


XPX: Generalized Tweakable Even-Mansour with Improved Security Guarantees

We present XPX, a tweakable blockcipher based on a single permutation P. On input of a tweak (t11, t12, t21, t22) ∈ T and a message m, it outputs ciphertext c = P(m ⊕ ∆1) ⊕ ∆2, where ∆1 = t11 k ⊕ t12 P(k) and ∆2 = t21 k ⊕ t22 P(k). Here, the tweak space T is required to satisfy a certain set of trivial conditions (such as (0, 0, 0, 0) ∉ T). We prove that XPX with any such tweak space is a strong twea...


Identification of an extracellular segment of the oxytocin receptor providing agonist-specific binding epitopes.

The effects of the peptide hormone oxytocin are mediated by oxytocin receptors (OTRs) expressed by the target tissue. The OTR is a member of the large family of G-protein-coupled receptors. Defining differences between the interaction of agonists and antagonists with the OTR at the molecular level is of fundamental importance, and is addressed in this study. Using truncated and chimaeric recept...


Examining the Ethical Foundations of Compensation for Mistakes and Forgeries in the Preparation of Official Documents

Background: Preparing a formal transaction document is one of the specific duties of notaries public, which requires the use and observance of various substantive and formal conditions. Failure to comply with any of these conditions can lead to the annulment of the document by the court and the responsibility to compensate the clerks. Compensation by the clerks in various articles such as Artic...



Journal title:
  • IACR Cryptology ePrint Archive

Volume 2015  Issue 

Pages  -

Publication date 2015