Analysis of the Authenticated Cipher MORUS (v1)

  • Aleksandra MilevaEmail author
  • Vesna Dimitrova
  • Vesselin Velichkov
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9540)


We present several new observations on the CAESAR candidate MORUS (v1). First, we report a collision on its \(\mathrm {StateUpdate}(S, M)\) function. Second, we describe a distinguisher in a nonce-reuse scenario with probability 1. Finally, we observe that the differences in some words of the state after the initialization have probabilities significantly higher than the random case. We note that the presented results do not threaten the security of the scheme. This is the first external analysis of the authenticated cipher MORUS.


Symmetric-key Cryptanalysis Authenticated encryption CAESAR MORUS 



We would like to thank the anonymous reviewers for their time and valuable comments. In particular, we thank Reviewer 2 for pointing out the natural extension of our technique to the case where differences in the message blocks are allowed. Finally, we extend our thanks to the organizers of WG4 Meeting on Authenticated Encryption, COST CryptoAction IC1306, co-located with Eurocrypt 2015, for giving us the opportunity to work on this topic.


  1. 1.
    Wu, H., Huang, T.: The authenticated cipher MORUS (v1), CAESAR candidate, 15 March 2014Google Scholar
  2. 2.
    CAESAR - Competition for Authenticated Encryption: Security, Applicability, and Robustness (2014).
  3. 3.
    National Institute of Standards and Technology, Announcing Request for Candidate Algorithm Nominations for a the Advanced Encryption Standard (AES), Federal Register, vol. 62, pp. 48051–48058, September 1997.
  4. 4.
    National Institute of Standards and Technology, Announcing Request for Candidate Algorithm Nominations for a New Cryptographic Hash Algorithm (SHA-3) Family, Federal Register, vol. 27, pp. 62212–62220, November 2007.
  5. 5.
    Daemen, J., Rijmen, V.: AES and the wide trail design strategy. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 108–109. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  6. 6.
    Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Keccak. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 313–314. Springer, Heidelberg (2013)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  • Aleksandra Mileva
    • 1
    Email author
  • Vesna Dimitrova
    • 2
  • Vesselin Velichkov
    • 3
  1. 1.Faculty of Computer ScienceUniversity “Goce Delčev”ŠtipRepublic of Macedonia
  2. 2.Faculty of Computer Science and EngineeringUniversity “Ss Cyril and Methodius”SkopjeRepublic of Macedonia
  3. 3.Laboratory of Algorithmics, Cryptology and Security (LACS)Université du Luxembourg, SnT/FSTCLuxembourgLuxembourg

Personalised recommendations