dc.contributor.author: Sasaki, Yu
dc.contributor.author: Wang, Lei
dc.date.accessioned: 2016-01-26T03:42:05Z
dc.date.available: 2016-01-26T03:42:05Z
dc.date.issued: 2016
dc.identifier.citation: Sasaki, Y., & Wang, L. (2016). Message Extension Attack against Authenticated Encryptions: Application to PANDA. IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, E99.A(1), 49-57.
dc.identifier.issn: 0916-8508
dc.identifier.uri: http://hdl.handle.net/10220/39785
dc.description.abstract: We present a new cryptanalysis approach to analyze the security of a class of authenticated encryption schemes, which shares similarity with the previous length extension attack against hash-function-based MACs. Hence we name our approach the message extension attack. An authenticated encryption from the target class consists of three phases: initialization with nonce and key as input, a state update function with associated data and message as input, and tag generation with the updated state as input. We show how to mount a forgery attack in the nonce-repeating model under the chosen-plaintext scenario when both the state update function and tag generation are built on the same function. To demonstrate the effectiveness of our message extension attack approach, we apply it to a dedicated authenticated encryption called PANDA, which is a candidate in the ongoing CAESAR cryptographic competition. We successfully found an existential forgery attack on PANDA with 25 chosen plaintexts, 2^64 computations, and negligible memory, which breaks the claimed 128-bit security in the nonce-repeating model. We note that this is the first result that breaks the security claim of PANDA, which led to its withdrawal from the CAESAR competition by its designer.
dc.description.sponsorship: NRF (Natl Research Foundation, S'pore)
dc.format.extent: 9 p.
dc.language.iso: en
dc.relation.ispartofseries: IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
dc.rights: © 2016 Institute of Electronics, Information and Communication Engineers. This paper was published in IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences and is made available as an electronic reprint (preprint) with permission of Institute of Electronics, Information and Communication Engineers. The published version is available at: [http://dx.doi.org/10.1587/transfun.E99.A.49]. One print or electronic copy may be made for personal use only. Systematic or multiple reproduction, distribution to multiple locations via electronic or other means, duplication of any material in this paper for a fee or for commercial purposes, or modification of the content of the paper is prohibited and is subject to penalties under law.
dc.subject: Message extension attack
dc.subject: Internal state recovery
dc.subject: Existential forgery
dc.subject: Nonce misuse
dc.subject: CAESAR
dc.subject: PANDA
dc.title: Message Extension Attack against Authenticated Encryptions: Application to PANDA
dc.type: Journal Article
dc.contributor.school: Lee Kong Chian School of Medicine
dc.identifier.doi: http://dx.doi.org/10.1587/transfun.E99.A.49
dc.description.version: Published version