Paper 2013/357
The LOCAL attack: Cryptanalysis of the authenticated encryption scheme ALE
Dmitry Khovratovich and Christian Rechberger
Abstract
We show how to produce a forged (ciphertext, tag) pair for the scheme ALE with data and time complexity of 2^102 ALE encryptions of short messages and the same number of authentication attempts. We use a differential attack based on a local collision, which exploits the availability of extracted state bytes to the adversary. Our approach allows for a time-data complexity tradeoff, with an extreme case of a forgery produced after 2^119 attempts and based on a single authenticated message. Our attack is further turned into a state recovery and a universal forgery attack with a time complexity of 2^120 verification attempts using only a single authenticated 48-byte message.
Metadata
- Category: Secret-key cryptography
- Publication info: Published elsewhere. Unknown where it was published
- Contact author(s): dmitry khovratovich @ uni lu; crec @ dtu dk
- History: 2013-06-10: received
- Short URL: https://ia.cr/2013/357
- License: CC BY
BibTeX
@misc{cryptoeprint:2013/357,
  author = {Dmitry Khovratovich and Christian Rechberger},
  title = {The {LOCAL} attack: Cryptanalysis of the authenticated encryption scheme {ALE}},
  howpublished = {Cryptology {ePrint} Archive, Paper 2013/357},
  year = {2013},
  url = {https://eprint.iacr.org/2013/357}
}