PRIMATEs is a family of authenticated encryption design submitted to competition for authenticated encryption: security, applicability, and robustness. The three modes of operation in PRIMATEs family are: APE, HANUMAN, GIBBON with security levels: 80, 120 bits. APE is robust despite the nonce misusing. In this study, we revise the algebraic model and find new integral distinguishers for both PRIMATE permutation and its inverse permutation. Moreover, we construct a zero-sum distinguisher for full 12-round PRIMATE-80/120 permutation with the 2100/2105 complexity, improving over previous work. We also perform an integral attack on 8-round finalization of APE-80/120 with 230 chosen messages. The key recovery process is optimized using the FFT technique presented by Todo and Aoki. Our work is the best attack against APE, demonstrating the practical attack on 8-round finalization of APE-80. The new integral distinguishers apply to create forgeries on 5/6-round finalization of APE and HANUMAN that require 215/230 chosen messages, which is the first forgery attack against APE and HANUMAN.
This is a preview of subscription content, access via your institution.
Buy single article
Instant access to the full article PDF.
Tax calculation will be finalised during checkout.
Rogaway P. Authenticated-encryption with associated-data. In: Proceedings of ACM Conference on Computer and Communications Security (CCS), 2002. 98–107
Bellare M, Namprempre C. Authenticated encryption: relations among notions and analysis of the generic composition paradigm. In: Proceedings of the 6th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology, 2000. 531–545
Jutla C. Encryption modes with almost free message integrity. In: Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology, 2001. 529–544
Gligor V, Donescu P. Fast encryption and authentication: XCBC encryption and XECB authentication modes. In: Proceedings of International Workshop on Fast Software Encryption, 2002. 92–108
Rogaway P, Bellare M, Black J, et al. OCB: a block-cipher mode of operation for efficient authenticated encryption. In: Proceedings of ACM Transactions on Information and System Security (TISSEC), 2003. 365–403
National Institute of Standards and Technology (NIST). Advanced encryption standard (AES). FIPS 197. https://csrc.nist.gov/csrc/media/publications/fips/197/final/documents/fips-197.pdf
Dworkin M. Recommendation for block cipher modes of operation: Galois/counter mode (GCM) and GMAC. NIST Special Publication 800-38D, 2007. https://www.govinfo.gov/content/pkg/GOVPUB-C13-1e1d0b2a761f50d919d892b9e020965b/pdf/GOVPUB-C13-1e1d0b2a761f50d919d892b9e020965b.pdf
The CAESAR Committee. CAESAR: competition for authenticated encryption: security, applicability, and robustness. http://competitions.cr.yp.to/caesar.html
Andreeva E, Bilgin B, Bogdanov A, et al. PRIMATEs v1.02: submission to the CAESAR competition. http://primates.ae/
Saha D, Kuila S, Chowdhury D R. EscApe: diagonal fault analysis of APE. In: Proceedings of International Conference on Cryptology in India, 2014. 197–216
Minaud B. Improved beer-recovery attack against APE. https://aezoo.compute.dtu.dk/doku.php?id=primates
Morawiecki P, Pieprzyk J, Srebrny M, et al. Applications of key recovery cube-attack-like. 2015. http://eprint.iacr.org/2015/1009.pdf
Lukas K, Daemen J. Cube attack on primates. Proc Rom Acad, 2017, 18: 293–306
Todo Y, Aoki K. FFT key recovery for integral attack. In: Proceedings of International Conference on Cryptology and Network Security, 2014. 64–81
Daemen J, Rijmen V. The wide trail design strategy. In: Proceedings of the 8th IMA International Conference on Cryptography and Coding, 2001. 222–238
Daemen J, Rijmen V. The Design of Rijndael. Berlin: Springer, 2002
Boura C, Canteaut A. A zero-sum proposition for the Keccak-f permutation with 18 rounds. In: Proceedings of IEEE International Symposium on Information Theory, 2010. 2488–2492
Yang M H, Lai X J. The computational method of the algebraic degree of Boolean functions (in Chinese). In: Proceedings of Annual Meeting of Chinese Association for Cryptologic Research, 2009
Aumasson J P, Meier W. Zero-sum distinguishers for reduced Keccak-f and for the core functions of Luffa and Hamsi. 2009. http://www.131002.net/data/papers/AM09.pdf
This work was supported by National Cryptography Development Fund (Grant No. MMJJ20170102), National Natural Science Foundation of China (Grant Nos. 61572293, 61502276, 61692276), Major Scientific and Technological Innovation Projects of Shandong Province (Grant No. 2017CXGC0704), National Natural Science Foundation of Shandong Province (Grant No. ZR2016FM22), and Open Research Fund from Shandong Provincial Key Laboratory of Computer Network (Grant No. SDKLCN-2017-04).
About this article
Cite this article
Li, Y., Wang, M., Liu, W. et al. Cryptanalysis of PRIMATEs. Sci. China Inf. Sci. 63, 112106 (2020). https://doi.org/10.1007/s11432-019-1507-1
- integral distinguisher
- key recovery attack