Paper 2014/197

Breaking POET Authentication with a Single Query

Jian Guo, Jérémy Jean, Thomas Peyrin, and Wang Lei

Abstract

In this short article, we describe a very practical and simple attack on the authentication part of the POET authenticated encryption mode proposed at FSE 2014. POET is a provably secure scheme that was designed to resist various attacks where the adversary is allowed to repeat the nonce, or even where the message is output before the validity of the tag is verified when querying the decryption oracle. However, we demonstrate that using only a single encryption query and a negligible amount of computation, even without any special misuse by the attacker, it is possible to generate many valid ciphertext/tag pairs for POET. Our work shows that one should not use POET for any application where the authentication property is required. Furthermore, we propose a possible patch to overcome this particular issue, yet without backing up this patch with a security proof.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Preprint. MINOR revision.
Keywords
authenticated encryption, CAESAR, POE, POET, cryptanalysis, authenticity
Contact author(s)
thomas peyrin @ ntu edu sg
History
2014-03-16: revised
2014-03-14: received
Short URL
https://ia.cr/2014/197
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2014/197,
      author = {Jian Guo and Jérémy Jean and Thomas Peyrin and Wang Lei},
      title = {Breaking {POET} Authentication with a Single Query},
      howpublished = {Cryptology {ePrint} Archive, Paper 2014/197},
      year = {2014},
      url = {https://eprint.iacr.org/2014/197}
}