SAT-based Cryptanalysis of Authenticated Ciphers from the CAESAR Competition
نویسندگان
چکیده
We investigate six authenticated encryption schemes (ACORN, ASCON-128a, Ketje Jr, ICEPOLE-128a, MORUS, and NORX-32) from the CAESAR competition. We aim at state recovery attacks using a SAT solver as a main tool. Our analysis reveals that these schemes, as submitted to CAESAR, provide strong resistance against SAT-based state recoveries. To shed a light on their security margins, we also analyse modified versions of these algorithms, including round-reduced variants and versions with higher security claims. Our attacks on such variants require only a few known plaintext-ciphertext pairs and small memory requirements (to run the SAT solver), whereas time complexity varies from very practical (few seconds on a desktop PC) to ‘theoretical’ attacks.
منابع مشابه
SAT-based cryptanalysis of ACORN
The CAESAR competition aims to provide a portfolio of authenticated encryption algorithms. SAT solvers represent powerful tools to verify automatically and efficiently (among others) the confidentiality and the authenticity of information claimed by cryptographic primitives. In this work, we study the security of the CAESAR candidate Acorn against a SAT-based cryptanalysis. We provide the first...
متن کاملCryptanalysis of some first round CAESAR candidates
ΑΕS _ CMCCv₁, ΑVΑLΑNCHEv₁, CLΟCv₁, and SILCv₁ are four candidates of the first round of CAESAR. CLΟCv₁ is presented in FSE 2014 and SILCv₁ is designed upon it with the aim of optimizing the hardware implementation cost. In this paper, structural weaknesses of these candidates are studied. We present distinguishing attacks against ΑES _ CMCCv₁ with the complexity of two queries and the success ...
متن کاملThe BRUTUS Automatic Cryptanalytic Framework Testing CAESAR Authenticated Encryption Candidates for Weaknesses
This report summarizes our results from security analysis covering all 57 CAESAR first round candidates and over 210 implementations. We have manually identified security issues with three candidates, two of which are more serious, and these ciphers been withdrawn from the competition. We have developed a testing framework, BRUTUS, to facilitate automatic detection of simple security lapses and...
متن کاملNote on the Robustness of CAESAR Candidates
Authenticated ciphers rely on the uniqueness of the nonces to meet their security goals. In this work, we investigate the implications of reusing nonces for three third-round candidates of the ongoing CAESAR competition, namely Tiaoxin, AEGIS and MORUS. We show that an attacker that is able to force nonces to be reused can reduce the security of the ciphers with results ranging from full key-re...
متن کاملCryptanalysis of Submission to the CAESAR Cryptographic Competition iFeed
iFeed is a blockcipher-based authenticated encryption design by Zhang, et al. [81] and a candidate to the CAESAR competition. iFeed is claimed to achieve confidentiality and authenticity in the nonce-respecting setting, and confidentiality in the noncereuse setting. In this thesis, we consider the security of iFeed in three settings. In the noncerespecting setting we show a forgery and subkey r...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2016