Cryptology ePrint Archive: Report 2015/811
Key-recovery attacks against the MAC algorithm Chaskey
Chrysanthi Mavromati
Abstract: Chaskey is a Message Authentication Code (MAC) for 32-bit microcontrollers proposed by Mouha et al. at SAC 2014. Its underlying blockcipher uses an Even-Mansour construction with a permutation based on the ARX methodology. In this paper, we present key-recovery attacks against Chaskey in the single and multi-user setting. These attacks are based on recent work by Fouque, Joux and Mavromati presented at Asiacrypt 2014 on Even-Mansour based constructions. We first show a simple attack on the classical single-user setting which confirms the security properties of Chaskey. Then, we describe an attack in the multi-user setting and we recover all keys of 2^{43} users by doing 2^{43} queries per user. Finally, we show a variant of this attack where we are able to recover keys of two users in a smaller group of 2^{32} users.
Category / Keywords: secret-key cryptography / Message Authentication Code, Collision-based cryptanalysis, ARX, Even-Mansour, Chaskey, Multi-user setting
Original Publication (in the same form): SAC 2015
Date: received 14 Aug 2015
Contact author: chrys mavromati at gmail com
Version: 20150814:154753
Short URL: ia.cr/2015/811