Skip to main content

Key Recovery Attacks on Recent Authenticated Ciphers

  • Conference paper
  • First Online:
Progress in Cryptology - LATINCRYPT 2014 (LATINCRYPT 2014)

Abstract

In this paper, we cryptanalyze three authenticated ciphers: AVALANCHE, Calico, and RBS. While the former two are contestants in the ongoing international CAESAR competition for authenticated encryption schemes, the latter has recently been proposed for lightweight applications such as RFID systems and wireless networks.

All these schemes use well-established and secure components such as the AES, Grain-like NFSRs, ChaCha and SipHash as their building blocks. However, we discover key recovery attacks for all three designs, featuring square-root complexities. Using a key collision technique, we can recover the secret key of AVALANCHE in \(2^{n/2}\), where \(n\in \{128,192,256\}\) is the key length. This technique also applies to the authentication part of Calico whose 128-bit key can be recovered in \(2^{64}\) time. For RBS, we can recover its full 132-bit key in \(2^{65}\) time with a guess-and-determine attack. All attacks also allow the adversary to mount universal forgeries.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. CAESAR: Competition for Authenticated Encryption: Security, Applicability, and Robustness, March 2014. http://competitions.cr.yp.to/caesar.html

  2. Ågren, M., Hell, M., Johansson, T.: On hardware-oriented message authentication. IET Inf. Secur. 6, 329–336 (2012)

    Article  Google Scholar 

  3. Ågren, M., Hell, M., Johansson, T., Meier, W.: Grain-128a: a new version of Grain-128 with optional authentication. IJWMC 5, 48–59 (2011)

    Article  Google Scholar 

  4. Alomair, B.: AVALANCHEv1. Submission to the CAESAR competition (2014). http://competitions.cr.yp.to/round1/avalanchev1.pdf

  5. Aumasson, J.-P., Bernstein, D.J.: SipHash: a fast short-input PRF. In: Galbraith, S., Nandi, M. (eds.) INDOCRYPT 2012. LNCS, vol. 7668, pp. 489–508. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  6. Bellare, M., Namprempre, C.: Authenticated encryption: relations among notions and analysis of the generic composition paradigm. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 531–545. Springer, Heidelberg (2000)

    Chapter  Google Scholar 

  7. Bernstein, D.J.: ChaCha, a variant of Salsa20. In: Workshop Record of SASC 2008: The State of the Art of Stream Ciphers (2008)

    Google Scholar 

  8. Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: The Keccak SHA-3 submission. Submission to NIST (2011)

    Google Scholar 

  9. Dworkin, M.J.: SP 800–38C. Recommendation for block cipher modes of operation: the CCM mode for authentication and confidentiality. Technical report, Gaithersburg, MD, United States (2004)

    Google Scholar 

  10. Dworkin, M.J.: SP 800–38D. Recommendation for block cipher modes of operation: galois/counter mode (GCM) and GMAC. Technical report, Gaithersburg, MD, United States (2007)

    Google Scholar 

  11. ISO 19772:2009. Information technology - Security techniques - Authenticated encryption (2009)

    Google Scholar 

  12. Jeddi, Z., Amini, E., Bayoumi, M.: A novel authenticated cipher for RFID systems. Int. J. Crypt. Inf. Secur. 4 (2014)

    Google Scholar 

  13. Katz, J., Yung, M.: Unforgeable encryption and chosen ciphertext secure modes of operation. In: Schneier, B. (ed.) FSE 2000. LNCS, vol. 1978, pp. 284–299. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  14. Krovetz, T., Rogaway, P.: The software performance of authenticated-encryption modes. In: Joux, A. (ed.) FSE 2011. LNCS, vol. 6733, pp. 306–327. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  15. McGrew, D.A., Viega, J.: The security and performance of the galois/counter mode (GCM) of operation. In: Canteaut, A., Viswanathan, K. (eds.) INDOCRYPT 2004. LNCS, vol. 3348, pp. 343–355. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  16. Mendel, F., Mennink, B., Rijmen, V., Tischhauser, E.: A simple key-recovery attack on McOE-X. In: Pieprzyk, J., Sadeghi, A.-R., Manulis, M. (eds.) CANS 2012. LNCS, vol. 7712, pp. 23–31. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  17. Minematsu, K.: Parallelizable rate-1 authenticated encryption from pseudorandom functions. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 275–292. Springer, Heidelberg (2014)

    Chapter  Google Scholar 

  18. Quisquater, J.-J., Delescaille, J.-P.: How easy is collision search. new results and applications to DES. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 408–413. Springer, Heidelberg (1990)

    Google Scholar 

  19. Rogaway, P.: Efficient instantiations of tweakable blockciphers and refinements to modes OCB and PMAC. In: Lee, P.J. (ed.) ASIACRYPT 2004. LNCS, vol. 3329, pp. 16–31. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  20. Rogaway, P., Bellare, M., Black, J., Krovetz, T.: OCB: a block-cipher mode of operation for efficient authenticated encryption. In: ACM Conference on Computer and Communications Security, pp. 196–205 (2001)

    Google Scholar 

  21. Taylor, C.: The Calico Family of Authenticated Ciphers Version 8. Submission to the CAESAR competition (2014). http://competitions.cr.yp.to/round1/calicov8.pdf

Download references

Acknowledgments

The work has been supported in part by the Austrian government through the research program FIT-IT Trust in IT Systems (project 835919) and by the Austrian Science Fund (project P26494-N15).

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Elmar Tischhauser .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Bogdanov, A. et al. (2015). Key Recovery Attacks on Recent Authenticated Ciphers. In: Aranha, D., Menezes, A. (eds) Progress in Cryptology - LATINCRYPT 2014. LATINCRYPT 2014. Lecture Notes in Computer Science(), vol 8895. Springer, Cham. https://doi.org/10.1007/978-3-319-16295-9_15

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-16295-9_15

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-16294-2

  • Online ISBN: 978-3-319-16295-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics