Cryptology ePrint Archive: Report 2013/357
The LOCAL attack: Cryptanalysis of the authenticated encryption scheme ALE
Dmitry Khovratovich and Christian Rechberger
Abstract: We show how to produce a forged (ciphertext, tag) pair for the scheme ALE with data and time complexity of 2^102 ALE encryptions of short messages and the same number of authentication attempts.
We use a differential attack based on a local collision, which exploits the availability of extracted state bytes to the adversary. Our approach allows for a time-data complexity tradeoff, with an extreme case of a forgery produced after 2^119 attempts and based on a single authenticated message. Our attack is further turned into a state recovery and a universal forgery attack with a time complexity of 2^120 verification attempts using only a single authenticated 48-byte message.
Category / Keywords: secret-key cryptography /
Date: received 7 Jun 2013
Contact author: dmitry khovratovich at uni lu;crec@dtu dk;
Version: 20130610:130049 (All versions of this report)
Short URL: ia.cr/2013/357