Sciweavers

SACRYPT
2015
Springer

Analysis of the CAESAR Candidate Silver

8 years 8 months ago
Analysis of the CAESAR Candidate Silver
In this paper, we present the first third-party cryptanalysis against the authenticated encryption scheme Silver. In high-level, Silver builds a tweakable block cipher by tweaking AES-128 with a dedicated method and performs a similar computation as OCB3 to achieve 128bit security for both of integrity and confidentiality in nonce-respecting model. Besides, by modifying the tag generation of OCB3, some robustness against nonce-repeating adversaries is claimed. We first present a forgery attack against 8 (out of 10) rounds with 2111 blocks of queries in the nonce-respecting model. The attack exploits a weakness of the dedicated AES tweaking method of Silver. Then, we present several attacks in the nonce-repeating model. Those include 1) a forgery against full Silver with 249.46 blocks of queries which matches a conservative security claim by the designers, 2) a plaintext recovery against full Silver with a single query and 3) a key recovery against 8 rounds with 2111 blocks of querie...
Jérémy Jean, Yu Sasaki, Lei Wang 003
Added 17 Apr 2016
Updated 17 Apr 2016
Type Journal
Year 2015
Where SACRYPT
Authors Jérémy Jean, Yu Sasaki, Lei Wang 0031
Comments (0)