International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Tightness of the Suffix Keyed Sponge Bound

Authors:
Christoph Dobraunig , Graz University of Technology, Graz, Austria; Radboud University, Nijmegen, The Netherlands
Bart Mennink , Radboud University, Nijmegen, The Netherlands
Download:
DOI: 10.46586/tosc.v2020.i4.195-212
URL: https://tosc.iacr.org/index.php/ToSC/article/view/8754
Search ePrint
Search Google
Abstract: Generic attacks are a vital ingredient in the evaluation of the tightness of security proofs. In this paper, we evaluate the tightness of the suffix keyed sponge (SuKS) bound. As its name suggests, SuKS is a sponge-based construction that absorbs the key after absorbing the data, but before producing an output. This absorption of the key can be done via an easy to invert operation, like an XOR, or a hard to invert operation, like a PRF. Using SuKS with a hard to invert absorption provides benefits with respect to its resistance against side-channel attacks, and such a construction is used as part of the authenticated encryption scheme Isap. We derive two key recovery attacks against SuKS with easy to invert key absorption, and a forgery in case of hard to invert key absorption. The attacks closely match the terms in the PRF security bound of SuKS by Dobraunig and Mennink, ToSC 2019(4), and therewith show that these terms are justified, even if the function used to absorb the key is a PRF, and regardless of whether SuKS is used as a PRF or a MAC.
Video from TOSC 2020
BibTeX
@article{tosc-2020-30783,
  title={Tightness of the Suffix Keyed Sponge Bound},
  journal={IACR Transactions on Symmetric Cryptology},
  publisher={Ruhr-Universität Bochum},
  volume={2020, Issue 4},
  pages={195-212},
  url={https://tosc.iacr.org/index.php/ToSC/article/view/8754},
  doi={10.46586/tosc.v2020.i4.195-212},
  author={Christoph Dobraunig and Bart Mennink},
  year=2020
}