You are looking at a specific version 20150216:050821 of this paper. See the latest version.

Paper 2015/091

Related-Key Forgeries for Prøst-OTR

Christoph Dobraunig and Maria Eichlseder and Florian Mendel

Abstract

We present a forgery attack on Prøst-OTR in a related-key setting. Prøst is a family of authenticated encryption algorithms proposed as candidates in the currently ongoing CAESAR competition, and Prøst-OTR is one of the three variants of the Prøst design. The attack exploits how the Prøst permutation is used in an Even-Mansour construction in the Feistel-based OTR mode of operation. Given the ciphertext and tag for any two messages under two related keys K and K + Delta with related nonces, we can forge the ciphertext and tag for a modified message under K. If we can query ciphertexts for chosen messages under K + Delta, we can achieve almost universal forgery for K. The computational complexity is negligible.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published by the IACR in FSE 2015
Keywords
CAESAR competitionPrøstauthenticated encryptioncryptanalysisrelated-key
Contact author(s)
maria eichlseder @ iaik tugraz at
History
2015-02-16: received
Short URL
https://ia.cr/2015/091
License
Creative Commons Attribution
CC BY
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.