Investigation of Some Attacks on GAGE (v1), InGAGE (v1), (v1.03), and CiliPadi (v1) Variants


Abstract:

In this paper, we present some attacks on GAGE, InGAGE, and CiliPadi, which are candidates in the first round of the NIST-LWC competition. GAGE and InGAGE are a lightweight sponge-based hash function and an Authenticated Encryption with Associated Data (AEAD) scheme, respectively, and support several parameter sets. The lengths of the hash, key, and tag are always 256, 128, and 128 bits, respectively. We show that the security bounds for some variants of the hash function and the AEAD are lower than the designers' claims. For example, the designers' claimed preimage security for the hash function with a rate of 128 bits and a capacity of $256$ bits is $2^{256}$; however, we show that the preimage security for this parameter set is $2^{128}$. Also, the designers' claimed confidentiality security for the AEAD with a rate of 8 bits and a capacity of 224 bits is $2^{116}$; however, we show that its confidentiality security is $2^{112}$. We also investigate the structure of the permutation used in InGAGE and present a key-recovery attack on reduced rounds of one InGAGE variant. For the InGAGE AEAD instance with a rate of 8 bits and a capacity of 224 bits, we recover the key when the number of compositions of the main permutation with itself, i.e., $r_{1}$, is less than 8. We also show that CiliPadi is vulnerable to the length extension attack by presenting concrete examples of forged messages.


Similar resources

Equivalences of some v1-telescopes

Certain naturally occurring spaces have isomorphic v1-periodic homotopy groups. To each is associated a mapping telescope whose ordinary homotopy groups equal the v1-periodic homotopy groups of the space. It is proved that the mapping telescopes of the spaces are homotopy equivalent.


Cryptanalysis of Simpira v1

Simpira v1 is a recently proposed family of permutations, based on the AES round function. The design includes recommendations for using the Simpira permutations in block ciphers, hash functions, or authenticated ciphers. The designers’ security analysis is based on computer-aided bounds for the minimum number of active S-boxes. We show that the underlying assumptions of independence, and thus ...


NJCC_01 bwerk v1.indd

The necessity of anticoagulating the extracorporeal circuit (ECC) when applying continuous venovenous haemofiltration (CVVH) in critically ill patients implies an increased risk of bleeding complications when using unfractionated heparin or low molecular weight heparins, especially in patients at high risk of bleeding. Regional anticoagulation of the ECC using citrate-based solutions has eme...


The EKS-V1 System

1. Deduction of new information (through deduction rules given by the user) from the data being explicitly stored. The system distinguishes between base predicates, corresponding to data explicitly stored (i.e. the extensional database), and virtual predicates, defined by means of declarative rules (i.e. the intensional database). EKS-V1 offers persistent storage of both the extensional and the...





Volume 12, Issue 1

Pages 13-23

Publication date: 2020-01-01
