Paper 2014/325

A practical forgery and state recovery attack on the authenticated cipher PANDA-s

Xiutao FENG, Fan ZHANG, and Hui WANG

Abstract

PANDA is a family of authenticated ciphers submitted to CARSAR, which consists of two ciphers: PANDA-s and PANDA-b. In this work we present a state recovery attack against PANDA-s with time complexity about $2^{41}$ under the known-plaintext-attack model, which needs 137 pairs of known plaintext/ciphertext and about 2GB memories. Our attack is practical in a small workstation. Based on the above attack, we further deduce a forgery attack against PANDA-s, which can forge a legal ciphertext $(C,T)$ of an arbitrary plaintext $P$. The results show that PANDA-s is insecure.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Preprint. MINOR revision.
Keywords
CAESARPANDAstate recovery attackforgery attack
Contact author(s)
fengxt @ amss ac cn
History
2014-05-10: received
Short URL
https://ia.cr/2014/325
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2014/325,
      author = {Xiutao FENG and Fan ZHANG and Hui WANG},
      title = {A practical forgery and state recovery attack on the authenticated cipher {PANDA}-s},
      howpublished = {Cryptology {ePrint} Archive, Paper 2014/325},
      year = {2014},
      url = {https://eprint.iacr.org/2014/325}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.