dc.contributor.authorJean, Jérémy
dc.contributor.authorNikolic, Ivica
dc.contributor.authorSasaki, Yu
dc.contributor.authorWang, Lei
dc.identifier.citationJean, J., Nikolic, I., Sasaki, Y., & Wang, L. (2016). Practical Forgeries and Distinguishers against PAES. IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, E99.A(1), 39-48.en_US
dc.description.abstractWe present two practical attacks on the CAESAR candidate PAES. The first attack is a universal forgery for any plaintext with at least 240 bytes. It works for the nonce-repeating variant of PAES and in a nutshell it is a state recovery based on solving differential equations for the S-Box leaked through the ciphertext that arise when the plaintext has a certain difference. We show that to produce the forgery based on this method the attacker needs only 211 time and data. The second attack is a distinguisher for 264 out of 2128 keys that requires negligible complexity and only one pair of known plaintext-ciphertext. The attack is based on the lack of constants in the initialization of the PAES which allows to exploit the symmetric properties of the keyless AES round. Both of our attacks contradict the security goals of PAES.en_US
dc.description.sponsorshipNRF (Natl Research Foundation, S’pore)en_US
dc.format.extent10 p.en_US
dc.relation.ispartofseriesIEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciencesen_US
dc.rights© 2016 Institute of Electronics, Information and Communication Engineers. This paper was published in IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences and is made available as an electronic reprint (preprint) with permission of Institute of Electronics, Information and Communication Engineers. The published version is available at: [http://dx.doi.org/10.1587/transfun.E99.A.39]. One print or electronic copy may be made for personal use only. Systematic or multiple reproduction, distribution to multiple locations via electronic or other means, duplication of any material in this paper for a fee or for commercial purposes, or modification of the content of the paper is prohibited and is subject to penalties under law.en_US
dc.subjectUniversal forgery
dc.subjectSymmetric property
dc.subjectAuthenticated encryption
dc.titlePractical Forgeries and Distinguishers against PAESen_US
dc.typeJournal Article
dc.contributor.schoolSchool of Physical and Mathematical Sciencesen_US
dc.contributor.schoolLee Kong Chian School of Medicine (LKCMedicine)
dc.description.versionPublished versionen_US

Files in this item


This item appears in the following Collection(s)

Show simple item record