Cryptology ePrint Archive: Report 2016/640

Universal Forgery and Key Recovery Attacks on ELmD Authenticated Encryption Algorithm

Asli Bay and Oguzhan Ersoy and Ferhat Karakoç

Abstract: In this paper, we provide a security analysis of ELmD: a block cipher based Encrypt-Linear-mix-Decrypt authentication mode. As being one of the second-round CAESAR candidate, it is claimed to provide misuse resistant against forgeries and security against block-wise adaptive adversaries as well as 128-bit security against key recovery attacks. We scrutinize ElmD in such a way that we provide universal forgery attacks as well as key recovery attacks. First, based on the collision attacks on similar structures such as Marble, AEZ, and COPA, we present universal forgery attacks. Second, by exploiting the structure of ELmD, we acquire ability to query to the block cipher used in ELmD. Finally, for one of the proposed versions of ELmD, we mount key recovery attacks reducing the effective key strength by more than 60 bits.

Category / Keywords: Authenticated encryption, CAESAR, ELmD, Forgery attack, Key recovery

Date: received 20 Jun 2016, last revised 20 Jun 2016

Contact author: oguzhan ersoy at tubitak gov tr

Available format(s): PDF | BibTeX Citation

Version: 20160621:154701 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]