Attacks and Security Proofs of EAX-Prime

  • Kazuhiko Minematsu
  • Stefan Lucks
  • Hiraku Morita
  • Tetsu Iwata
Conference paper

DOI: 10.1007/978-3-662-43933-3_17

Part of the Lecture Notes in Computer Science book series (LNCS, volume 8424)
Cite this paper as:
Minematsu K., Lucks S., Morita H., Iwata T. (2014) Attacks and Security Proofs of EAX-Prime. In: Moriai S. (eds) Fast Software Encryption. FSE 2013. Lecture Notes in Computer Science, vol 8424. Springer, Berlin, Heidelberg

Abstract

\(\text {EAX}'\) (or EAX-prime) is an authenticated encryption (AE) specified by ANSI C12.22 as a standard security function for Smart Grid. \(\text {EAX}'\) is based on EAX proposed by Bellare, Rogaway, and Wagner. While EAX has a proof of security based on the pseudorandomness of the internal blockcipher, no published security result is known for \(\text {EAX}'\). This paper studies the security of \(\text {EAX}'\) and shows that there is a sharp distinction in security of \(\text {EAX}'\) depending on the input length. \(\text {EAX}'\) encryption takes two inputs, called cleartext and plaintext, and we present various efficient attacks against \(\text {EAX}'\) using single-block cleartext and plaintext. At the same time we prove that if cleartexts are always longer than one block, it is provably secure based on the pseudorandomness of the blockcipher.

Keywords

Authenticated encryption EAX \(\text {EAX}'\) Attack Provable security 

Copyright information

© Springer-Verlag Berlin Heidelberg 2014

Authors and Affiliations

  • Kazuhiko Minematsu
    • 1
  • Stefan Lucks
    • 2
  • Hiraku Morita
    • 3
  • Tetsu Iwata
    • 3
  1. 1.NEC CorporationKawasaki-ShiJapan
  2. 2.Bauhaus-Universität WeimarWeimarGermany
  3. 3.Nagoya UniversityNagoyaJapan

Personalised recommendations