We investigate six authenticated encryption schemes (ACORN, ASCON-128a, Ketje Jr, ICEPOLE-128a, MORUS, and NORX-32) from the CAESAR competition. We aim at state recovery attacks using a SAT solver as a main tool. Our analysis reveals that these schemes, as submitted to CAESAR, provide strong resistance against SAT-based state recoveries. To shed a light on their security margins, we also analys...

NORX is a family of authenticated encryption algorithms that advanced to the third-round of the ongoing CAESAR competition for authenticated encryption schemes. In this work, we investigate the use of pipeline optimizations on ARM platforms to accelerate the execution of NORX. We also provide benchmarks of our implementation using NEON instructions. The results of our implementation show a spee...

Authenticated ciphers rely on the uniqueness of the nonces to meet their security goals. In this work, we investigate the implications of reusing nonces for three third-round candidates of the ongoing CAESAR competition, namely Tiaoxin, AEGIS and MORUS. We show that an attacker that is able to force nonces to be reused can reduce the security of the ciphers with results ranging from full key-re...

FASER is a family of authenticated ciphers submitted to the CAESAR competition, which contains two parent ciphers: FASER128 and FASER256. In this work we only focus on FASER128 and present a key recovery attack to FASER128, which needs at most 64 key words and is realtime in a PC. The result shows that FASER128 is very insecure. What’s more, our attack can be easily applied to FASER256 and brea...

Cryptoprimitives rely on thorough theoretical background, but often lack basic usability features making them prone to unintentional misuse by developers. We argue that this is true even for the state-of-the-art designs. Analyzing 52 candidates of the current CAESAR competition has shown none of them have an avalanche effect in authentication tag strong enough to work properly when partially mi...

iFeed is a blockcipher-based authenticated encryption design by Zhang, et al. [81] and a candidate to the CAESAR competition. iFeed is claimed to achieve confidentiality and authenticity in the nonce-respecting setting, and confidentiality in the noncereuse setting. In this thesis, we consider the security of iFeed in three settings. In the noncerespecting setting we show a forgery and subkey r...

HANUMAN is a mode of operation of a keyless cryptographic permutation for nonce-based authenticated encryption with associated data, included among the modes bundled in the PRIMATEs candidate in the currently ongoing CAESAR competition. HANUMAN is a sponge-like mode whose design and security argument are inspired by the SpongeWrap construction. We identify a flaw in the domain separation of HAN...

In FSE 2014, an authenticated encryption mode COBRA [4], based on pseudorandom permutation (PRP) blockcipher, and POET [3], based on Almost XOR-Universal (AXU) hash and strong pseudorandom permutation (SPRP), were proposed. Few weeks later, COBRA mode and a simple variant of the original proposal of POET (due to a forging attack [13] on the original proposal) with AES as an underlying blockciph...