Investigation of Some Attacks on GAGE (v1), InGAGE (v1), (v1.03), and CiliPadi (v1) Variants

Authors

Majid Mahmoudzadeh Niknam Kharazmi University

Mohammad Reza Aref Sharif University of Technology

Nasour Bagheri SRTTU

Sadegh Sadeghi Kharazmi University

Abstract:

In this paper, we present some attacks on GAGE, InGAGE, and CiliPadi which are candidates of the first round of the NIST-LWC competition. GAGE and InGAGE are lightweight sponge based hash function and Authenticated Encryption with Associated Data (AEAD), respectively and support different sets of parameters. The length of hash, key, and tag are always 256, 128, and 128 bits, respectively. We show that the security bounds for some variants of its hash and AEAD are less than the designers' claims. For example, the designers' security claim of preimage attack for a hash function when the rate is 128 bits and the capacity is $256$ bits, is 2^{256}, however, we show that the security of preimage for this parameter set is 2^{128}. Also, the designer claimed security of confidentiality for an AEAD, when the rate is 8 bits and the capacity is 224 bits, is 2^{116}, however, we show the security of confidentiality for it is 2^{112$. We also investigate the structure of the permutation used in InGAGE and present an attack to recover the key for reduced rounds of a variant of InGAGE. In an instance of AEAD of InGAGE, when the rate is 8 bits and the capacity is 224 bits, we recover the key when the number of the composition of the main permutation with itself, i.e., r_{1}, is less than 8. We also show that CiliPadi is vulnerable to the length extension attack by presenting concrete examples of forged messages.

Upgrade to premium to download articles

Already have an account?login

similar resources

Equivalences of some v1-telescopes

Certain naturally occurring spaces have isomorphic v1-periodic homotopy groups. To each is associated a mapping telescope whose ordinary homotopy groups equal the v1-periodic homotopy groups of the space. It is proved that the mapping telescopes of the spaces are homotopy equivalent.

full text

Gefasa V1

full text

Deoxys V1

full text

Cryptanalysis of Simpira v1

Simpira v1 is a recently proposed family of permutations, based on the AES round function. The design includes recommendations for using the Simpira permutations in block ciphers, hash functions, or authenticated ciphers. The designers’ security analysis is based on computer-aided bounds for the minimum number of active S-boxes. We show that the underlying assumptions of independence, and thus ...

full text

NJCC_01 bwerk v1.indd

The necessity of anticoagulating the extracorporeal circuit (ECC) when applying continuous venovenous haemofiltration (CVVH) in critically ill patients, implicates an increased risk of bleeding complications when using unfractionated heparin or low molecular weight heparins, especially in patients at high risk of bleeding. Regional anticoagulation of the ECC using citratebased solutions has eme...

full text

The EKS-V1 System

1. Deduction of new information (through deduction rules given by the user) from the data being explicitly stored. The system distinguishes between base predicates, corresponding to data explicitly stored (i.e. the extensional database), and virtual predicates, defined by means of declarative rules (i.e. the intensional database). EKS-V1 offers persistent storage of both the extensional and the...

full text

My Resources

Save resource for easier access later

Save to my library Already added to my library

{@ msg_add @}

Journal title

The ISC International Journal of Information Security

volume 12 issue 1

pages 13- 23

publication date 2020-01-01

unfollow

{@ msg @}

By following a journal you will be notified via email when a new issue of this journal is published.

Keywords

NIST lightweight cryptography competition GAGE InGAGE Preimage attack confidentialityو Integrityو MILP CiliPadi

Hosted on Doprax cloud platform doprax.com