Cryptanalysis of some first round CAESAR candidates
Authors
Abstract:
ΑΕS _ CMCCv₁, ΑVΑLΑNCHEv₁, CLΟCv₁, and SILCv₁ are four candidates of the first round of CAESAR. CLΟCv₁ is presented in FSE 2014 and SILCv₁ is designed upon it with the aim of optimizing the hardware implementation cost. In this paper, structural weaknesses of these candidates are studied. We present distinguishing attacks against ΑES _ CMCCv₁ with the complexity of two queries and the success probability of almost 1, and distinguishing attacks on CLΟCv₁ and SILCv₁ with the complexity of Ο (2n/2) queries and the success probability of 0.63, in which n is bit length of message blocks. In addition, a forgery attack is presented against ΑVΑLΑNCHEv₁ which requires only one query and has the success probability of 1. The attacks reveal weaknesses in the structure of these first round candidates and inaccuracy of their security claims.
similar resources
BRUTUS: Identifying Cryptanalytic Weaknesses in CAESAR First Round Candidates
This report summarizes our results from security analysis covering all 57 CAESAR first round candidates and over 210 implementations. We have manually identified security issues with three candidates, two of which are more serious, and these ciphers been withdrawn from the competition. We have developed a testing framework, BRUTUS, to facilitate automatic detection of simple security lapses and...
full textHeuristic Tool for Linear Cryptanalysis with Applications to CAESAR Candidates
Differential and linear cryptanalysis are the general purpose tools to analyze various cryptographic primitives. Both techniques have in common that they rely on the existence of good differential or linear characteristics. The difficulty of finding such characteristics depends on the primitive. For instance, AES is designed to be resistant against differential and linear attacks and therefore,...
full textSoftware Benchmarking of the 2nd round CAESAR Candidates
Abstract. The software performance of cryptographic schemes is an important factor in the decision to include such a scheme in real-world protocols like TLS, SSH or IPsec. In this paper, we develop a benchmarking framework to perform software performance measurements on authenticated encryption schemes. In particular, we apply our framework to independently benchmark the 29 remaining 2nd round ...
full textFair and Comprehensive Benchmarking of 29 Round 2 CAESAR Candidates in Hardware: Preliminary Results
Cryptographic contests have emerged as a commonly accepted way of developing cryptographic standards. This process has appeared to work particularly well in case of Advanced Encryption Standard (AES), developed in the period 1997-2001, and Secure Hash Algorithm 3 (SHA-3), developed in the period 2007-2012. In 2013, a new contest, called CAESAR Competition for Authenticated Encryption: Security,...
full textNote on the Robustness of CAESAR Candidates
Authenticated ciphers rely on the uniqueness of the nonces to meet their security goals. In this work, we investigate the implications of reusing nonces for three third-round candidates of the ongoing CAESAR competition, namely Tiaoxin, AEGIS and MORUS. We show that an attacker that is able to force nonces to be reused can reduce the security of the ciphers with results ranging from full key-re...
full textAvalanche Effect in Improperly Initialized CAESAR Candidates
Cryptoprimitives rely on thorough theoretical background, but often lack basic usability features making them prone to unintentional misuse by developers. We argue that this is true even for the state-of-the-art designs. Analyzing 52 candidates of the current CAESAR competition has shown none of them have an avalanche effect in authentication tag strong enough to work properly when partially mi...
full textMy Resources
Journal title
volume 7 issue 2
pages 127- 134
publication date 2015-11-16
By following a journal you will be notified via email when a new issue of this journal is published.
Hosted on Doprax cloud platform doprax.com
copyright © 2015-2023