Sciweavers

ASIACRYPT
2015
Springer

Collision Attacks Against CAESAR Candidates - Forgery and Key-Recovery Against AEZ and Marble

8 years 7 months ago
Collision Attacks Against CAESAR Candidates - Forgery and Key-Recovery Against AEZ and Marble
In this paper we study authenticated encryption algorithms inspired by the OCB mode (Offset Codebook). These algorithms use secret offsets (masks derived from a whitening key) to turn a block cipher into a tweakable block cipher, following the XE or XEX construction. OCB has a security proof up to 2n/2 queries, and a matching forgery attack was described by Ferguson, where the main step of the attack recovers the whitening key. In this work we study recent authenticated encryption algorithms inspired by OCB, such as Marble, AEZ, and COPA. While Ferguson’s attack is not applicable to those algorithms, we show that it is still possible to recover the secret mask with birthday complexity. Recovering the secret mask easily leads to a forgery attack, but it also leads to more devastating attacks, with a key-recovery attack against Marble and AEZ v2 and v3 with birthday complexity. For Marble, this clearly violates the security claims of full n-bit security. For AEZ, this matches the sec...
Thomas Fuhr, Gaëtan Leurent, Valentin Suder
Added 16 Apr 2016
Updated 16 Apr 2016
Type Journal
Year 2015
Where ASIACRYPT
Authors Thomas Fuhr, Gaëtan Leurent, Valentin Suder
Comments (0)