IACR News item: 27 May 2013
Kazuhiko Minematsu, Stefan Lucks, Hiraku Morita, Tetsu Iwata
ePrint ReportEAX$\'$ is based on EAX proposed by Bellare, Rogaway, and Wagner.
While EAX has a proof of security based on the pseudorandomness of the internal blockcipher, no published security result is known for EAX$\'$.
This paper studies the security of EAX$\'$ and shows that there is a sharp distinction in security of EAX$\'$ depending on the input length. EAX$\'$ encryption takes two inputs, called cleartext and plaintext,
and we present various efficient attacks against EAX$\'$ using single-block cleartext and plaintext.
At the same time we prove that if cleartexts are always longer than one block, it is provably secure
based on the pseudorandomness of the blockcipher.
Additional news items may be found on the IACR news page.