The LOCAL Attack: Cryptanalysis of the Authenticated Encryption Scheme ALE

Conference paper

DOI: 10.1007/978-3-662-43414-7_9

Part of the Lecture Notes in Computer Science book series (LNCS, volume 8282)
Cite this paper as:
Khovratovich D., Rechberger C. (2014) The LOCAL Attack: Cryptanalysis of the Authenticated Encryption Scheme ALE. In: Lange T., Lauter K., Lisoněk P. (eds) Selected Areas in Cryptography -- SAC 2013. SAC 2013. Lecture Notes in Computer Science, vol 8282. Springer, Berlin, Heidelberg


We show how to produce a forged (ciphertext, tag) pair for the scheme ALE with data and time complexity of \(2^{102}\) ALE encryptions of short messages and the same number of authentication attempts. We use a differential attack based on a local collision, which exploits the availability of extracted state bytes to the adversary. Our approach allows for a time-data complexity tradeoff, with an extreme case of a forgery produced after \(2^{119}\) attempts and based on a single authenticated message. Our attack is further turned into a state recovery and a universal forgery attack with a time complexity of \(2^{120}\) verification attempts using only a single authenticated 48-byte message.

Copyright information

© Springer-Verlag Berlin Heidelberg 2014

Authors and Affiliations

  1. 1.University of LuxembourgWalferdangeLuxembourg
  2. 2.DTUKongens LyngbyDenmark

Personalised recommendations