Cryptology ePrint Archive: Report 2014/363
Forging Attacks on two Authenticated Encryptions COBRA and POET
Abstract: In FSE 2014, an authenticated encryption mode COBRA, based on a pseudorandom permutation (PRP) blockcipher, and POET, based on an Almost XOR-Universal (AXU) hash and a strong pseudorandom permutation (SPRP), were proposed. A few weeks later, the COBRA mode and a simple variant of the original proposal of POET (due to a forging attack on the original proposal), with AES as the underlying blockcipher, were submitted to CAESAR, a competition of authenticated encryption (AE). In this paper we show a forging attack on the mode COBRA based on any n-bit blockcipher. Our attack on COBRA requires about O(n) queries with success probability about 1/2. This disproves the claim proved in the FSE 2014 paper. We also show both privacy and forging attacks on the parallel version of POET, denoted POET-m. In the case of the modes POET or POE (the underlying modes for encryption), we show a one-query distinguishing attack when we instantiate the underlying AXU-hash function with some other AXU hash function, namely a uniform random involution. Thus, our result violates the designer's main claim (Theorem 8.1 in ). However, the attacks cannot be extended directly to the specific choices of the existing versions submitted to the CAESAR competition.
Category / Keywords: secret-key cryptography / Authenticated Encryption, COBRA, POET, Distinguishing and Forging Attack.
Date: received 24 May 2014, last revised 26 May 2014
Contact author: mridul nandi at gmail com
Note: The original forging attack on POET-m is not correct, so we have revised it in this version.
Version: 20140526:083352
Short URL: ia.cr/2014/363