Cryptology ePrint Archive: Report 2016/640
Universal Forgery and Key Recovery Attacks on ELmD Authenticated Encryption Algorithm
Asli Bay and Oguzhan Ersoy and Ferhat Karakoç
Abstract: In this paper, we provide a security analysis of ELmD: a block cipher based Encrypt-Linear-mix-Decrypt authentication mode.
As being one of the second-round CAESAR candidate, it is claimed to provide misuse resistant against forgeries and security against block-wise adaptive adversaries as well as 128-bit security against key recovery attacks.
We scrutinize ElmD in such a way that we provide universal forgery attacks as well as key recovery attacks. First, based on the collision attacks on similar structures such as Marble, AEZ, and COPA, we present universal forgery attacks. Second, by exploiting the structure of ELmD, we acquire ability to query to the block cipher used in ELmD. Finally, for one of the proposed versions of ELmD, we mount key recovery attacks reducing the effective key strength by more than 60 bits.
Category / Keywords: Authenticated encryption, CAESAR, ELmD, Forgery attack, Key recovery
Date: received 20 Jun 2016, last revised 20 Jun 2016
Contact author: oguzhan ersoy at tubitak gov tr
Available format(s): PDF | BibTeX Citation
Version: 20160621:154701 (All versions of this report)
Short URL: ia.cr/2016/640
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]