FASER128: Cryptanalysis and Its Countermeasure
Many symmetric key encryption schemes have been designed to ensure only the confidentiality of data. Data integrity, however, plays an important role in the security of various encryption schemes. In view of this, many researchers have focused on designing Authenticated Encryption (AE) schemes that provide both confidentiality and authenticity. FASER is one such scheme; it was submitted to the CAESAR competition and later withdrawn due to an attack reported in the paper . It has two parent ciphers, namely FASER128 and FASER256. The authors of [6, 7] studied the cryptanalysis of FASER128 and reported some serious flaws in the design of the crypto algorithm. Due to these flaws, both parent ciphers of FASER have been withdrawn. In this paper, we study the cryptanalysis of FASER128 by key recovery attack and discuss some of its weaknesses. We also suggest some modifications to the crypto algorithm to avoid the key recovery attack.
Keywords: Stream cipher, Key recovery attack, Authenticated encryption
The authors are greatly indebted to Ms. Neelam Verma, Scientist G, and Ms. Anu Khosla, Director, SAG, DRDO, for their full cooperation and financial support. The third author wishes to express his thanks to DRDO headquarters for the DRDO fellowship.
- 1. CAESAR: Competition for authenticated encryption: Security applicability and robustness. https://competitions.cr.yp.to/caeser.html
- 3. Bellare, M., Kohno, T., Namprempre, C.: Authentication encryption in SSH: provably fixing the SSH binary packet protocol. In: ACM Conference on Computer and Communications Security (CCS-9), pp. 1–31. ACM Press (2002)
- 5. Chaza, F., MacDonald, C., Avanzi, R.: FASER v1: Authenticated encryption in a feedback shift register, CAESAR (2014)
- 7. Feng, X., Zhang, F.: A real time key recovery attack on the authenticated FASER128. Cryptology ePrint Archive, Report 2014/258 (2014). http://eprint.iacr.org/