Generic Attack on Duplex-Based AEAD Modes Using Random Function Statistics
IACR Cryptol. ePrint Arch.(2023)
Abstract
Duplex-based authenticated encryption modes with a sufficiently large key length are proven to be secure up to the birthday bound
$$2^{\frac{c}{2}}$$
, where c is the capacity. However this bound is not known to be tight and the complexity of the best known generic attack, which is based on multicollisions, is much larger: it reaches
$$\frac{2^c}{\alpha }$$
where
$$\alpha $$
represents a small security loss factor. There is thus an uncertainty on the true extent of security beyond the bound
$$2^{\frac{c}{2}}$$
provided by such constructions. In this paper, we describe a new generic attack against several duplex-based AEAD modes. Our attack leverages random functions statistics and produces a forgery in time complexity
$$\mathcal {O}(2^{\frac{3c}{4}})$$
using negligible memory and no encryption queries. Furthermore, for some duplex-based modes, our attack recovers the secret key with a negligible amount of additional computations. Most notably, our attack breaks a security claim made by the designers of the NIST lightweight competition candidate Xoodyak. This attack is a step further towards determining the exact security provided by duplex-based constructions.
MoreTranslated text
Key words
Cryptanalysis,Symmetric cryptography,AEAD,Duplex-based constructions,NIST lightweight competition,Xoodyak Random functions
AI Read Science
Must-Reading Tree
Example
Generate MRT to find the research sequence of this paper
Chat Paper
Summary is being generated by the instructions you defined