PANDA is a family of authenticated ciphers submitted to CARSAR, which consists of two ciphers: PANDA-s and PANDA-b. In this work we present a state recovery attack against PANDA-s with time complexity about 2 under the known-plaintext-attack model, which needs about 132 pairs of known plaintext/ciphertext. Based on the above attack, we further deduce a forgery attack against PANDA-s. Our result...

Block symmetric ciphers are one of the most important components modern information security systems. At same time, in addition to structure applied block cipher, cryptographic strength and performance protection system is largely determined by encryption mode. In high high-quality destruction statistics, modes should also protect encrypted from occurred or intentionally introduced errors. this...

Recently permutation multimedia ciphers were broken in a chosen-plaintext scenario. That attack models a very resourceful adversary which may not always be the case. To show insecurity of these ciphers, we present a cipher-text only attack on speech permutation ciphers. We show inherent redundancies of speech can pave the path for a successful cipher-text only attack. To that end, regularities ...

OCB3 is the current version of the OCB authenticated encryption mode which is selected for the third round in CAESAR. So far the integrity analysis has been limited to an adversary making a single forging attempt. A simple extension for the best known bound establishes integrity security as long as the total number of query blocks (including encryptions and forging attempts) does not exceed the...

In this paper, we define the CAESAR hardware Application Programming Interface (API) for authenticated ciphers. In particular, our API is intended to meet the requirements of all algorithms submitted to the CAESAR competition. The major parts of our specification include: minimum compliance criteria, interface, communication protocol, and timing characteristics supported by the core. All of the...

HANUMAN is a mode of operation of a keyless cryptographic permutation for nonce-based authenticated encryption with associated data, included among the modes bundled in the PRIMATEs candidate in the currently ongoing CAESAR competition. HANUMAN is a sponge-like mode whose design and security argument are inspired by the SpongeWrap construction. We identify a flaw in the domain separation of HAN...

This report is a survey of the authenticated encryption mode EAX proposed M. Bellare, P. Rogaway, D. Wagner [1] ; Definitions, theorems and proofs has been slighty changed to make them more similar to the framework of the course. The definitions in Stinson [7] , and the definitions of oracle proofs in the lecture notes by Ivan Bjerre Damgaard[3][4]. This is done to meet the formal requirement o...

In this document we present an introductory overview of the algorithms and design components underlying the Keccac cryptographic primitive and the Keyak encryption scheme for authenticated (session-supporting) encryption. This document aims to familiarize readers with the basic principles of authenticated encryption, the Sponge and Duplex constructions (full-state, keyed as well as regular vers...

We investigate six authenticated encryption schemes (ACORN, ASCON-128a, Ketje Jr, ICEPOLE-128a, MORUS, and NORX-32) from the CAESAR competition. We aim at state recovery attacks using a SAT solver as a main tool. Our analysis reveals that these schemes, as submitted to CAESAR, provide strong resistance against SAT-based state recoveries. To shed a light on their security margins, we also analys...