Paper 2017/1137
Note on the Robustness of CAESAR Candidates
Daniel Kales, Maria Eichlseder, and Florian Mendel
Abstract
Authenticated ciphers rely on the uniqueness of the nonces to meet their security goals. In this work, we investigate the implications of reusing nonces for three third-round candidates of the ongoing CAESAR competition, namely Tiaoxin, AEGIS and MORUS. We show that an attacker that is able to force nonces to be reused can reduce the security of the ciphers with results ranging from full key-recovery to forgeries with practical complexity and a very low number of nonce-misuse queries.
Metadata
- Category
  - Secret-key cryptography
- Publication info
  - Preprint. MINOR revision.
- Keywords
  - Cryptanalysis, Nonce-misuse attacks, CAESAR
- Contact author(s)
  - maria eichlseder @ iaik tugraz at
- History
  - 2017-11-27: received
- Short URL
  - https://ia.cr/2017/1137
- License
  - CC BY
BibTeX
@misc{cryptoeprint:2017/1137,
  author       = {Daniel Kales and Maria Eichlseder and Florian Mendel},
  title        = {Note on the Robustness of {CAESAR} Candidates},
  howpublished = {Cryptology {ePrint} Archive, Paper 2017/1137},
  year         = {2017},
  url          = {https://eprint.iacr.org/2017/1137}
}