Cryptology ePrint Archive: Report 2015/392

Forgery Attacks on round-reduced ICEPOLE-128

Christoph Dobraunig and Maria Eichlseder and Florian Mendel

Abstract: ICEPOLE is a family of authenticated encryptions schemes submitted to the ongoing CAESAR competition and in addition presented at CHES 2014. To justify the use of ICEPOLE, or to point out potential weaknesses, third-party cryptanalysis is needed. In this work, we evaluate the resistance of ICEPOLE-128 against forgery attacks. By using differential cryptanalysis, we are able to create forgeries from a known ciphertext-tag pair with a probability of $2^{-60.3}$ for a round-reduced version of ICEPOLE-128, where the last permutation is reduced to 4 (out of 6) rounds. This is a noticeable advantage compared to simply guessing the right tag, which works with a probability of $2^{-128}$. As far as we know, this is the first published attack in a nonce-respecting setting on round-reduced versions of ICEPOLE-128.

Category / Keywords: secret-key cryptography / CAESAR, ICEPOLE, forgery, differential cryptanalysis

Original Publication (in the same form): SAC 2015

Date: received 27 Apr 2015, last revised 10 Apr 2016

Contact author: christoph dobraunig at iaik tugraz at

Available format(s): PDF | BibTeX Citation

Version: 20160411:054140 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]