Cryptology ePrint Archive: Report 2014/197

Breaking POET Authentication with a Single Query

Jian Guo and Jérémy Jean and Thomas Peyrin and Wang Lei

Abstract: In this short article, we describe a very practical and simple attack on the authentication part of POET authenticated encryption mode proposed at FSE 2014. POET is a provably secure scheme that was designed to resist various attacks where the adversary is allowed to repeat the nonce, or even when the message is output before verifying the validity of the tag when querying the decryption oracle. However, we demonstrate that using only a single encryption query and a negligible amount of computations, even without any special misuse from the attacker, it is possible to generate many valid ciphertext/tag pairs for POET. Our work shows that one should not use POET for any application where authentication property is required. Furthermore, we propose a possible patch to overcome this particular issue, yet without backing up this patch with a security proof.

Category / Keywords: secret-key cryptography / authenticated encryption, CAESAR, POE, POET, cryptanalysis, authenticity

Date: received 14 Mar 2014, last revised 16 Mar 2014

Contact author: thomas peyrin at ntu edu sg

Available format(s): PDF | BibTeX Citation

Version: 20140316:184748 (All versions of this report)

Short URL: ia.cr/2014/197

Discussion forum: Show discussion | Start new discussion