International Association for Cryptologic Research



Generic Attack on Duplex-Based AEAD Modes using Random Function Statistics

Authors:
Henri Gilbert , ANSSI, France
Rachelle Heim Boissier , Université Paris-Saclay, UVSQ, CNRS, Laboratoire de mathématiques de Versailles, 78000, Versailles, France
Louiza Khati , ANSSI, France
Yann Rotella , Université Paris-Saclay, UVSQ, CNRS, Laboratoire de mathématiques de Versailles, 78000, Versailles, France
Download:
DOI: 10.1007/978-3-031-30634-1_12 (login may be required)
Presentation: Slides
Conference: EUROCRYPT 2023
Abstract: Duplex-based authenticated encryption modes with a sufficiently large key length are proven to be secure up to the birthday bound 2^(c/2), where c is the capacity. However, this bound is not known to be tight, and the complexity of the best known generic attack, which is based on multicollisions, is much larger: it reaches (2^c)/α, where α represents a small security loss factor. There is thus uncertainty about the true extent of the security that such constructions provide beyond the bound 2^(c/2). In this paper, we describe a new generic attack against several duplex-based AEAD modes. Our attack produces a forgery in time complexity O(2^(3c/4)) using negligible memory and no encryption queries. Furthermore, for some duplex-based modes, our attack also recovers the secret key with a negligible amount of additional computation. Most notably, our attack breaks a security claim made by the designers of the NIST lightweight competition candidate Xoodyak. This attack is a step further towards determining the exact security provided by duplex-based constructions.
BibTeX
@inproceedings{eurocrypt-2023-32887,
  title={Generic Attack on Duplex-Based AEAD Modes using Random Function Statistics},
  publisher={Springer-Verlag},
  doi={10.1007/978-3-031-30634-1_12},
  author={Henri Gilbert and Rachelle Heim Boissier and Louiza Khati and Yann Rotella},
  year=2023
}