Attacks and Security Proofs of EAX-Prime

Kazuhiko Minematsu; Stefan Lucks; Hiraku Morita; Tetsu Iwata

Paper 2012/018

Attacks and Security Proofs of EAX-Prime

Kazuhiko Minematsu, Stefan Lucks, Hiraku Morita, and Tetsu Iwata

Abstract

EAX $^{'}$ (EAX-prime) is an authenticated encryption (AE) specified by ANSI C12.22 as a standard security function for Smart Grid. EAX $^{'}$ is based on EAX proposed by Bellare, Rogaway, and Wagner. While EAX has a proof of security based on the pseudorandomness of the internal blockcipher, no published security result is known for EAX $^{'}$ . This paper studies the security of EAX $^{'}$ and shows that there is a sharp distinction in security of EAX $^{'}$ depending on the input length. EAX $^{'}$ encryption takes two inputs, called cleartext and plaintext, and we present various efficient attacks against EAX using single-block cleartext and plaintext. At the same time we prove that if cleartexts are always longer than one block, it is provably secure based on the pseudorandomness of the blockcipher.

Note: The previous title was "Cryptanalysis of EAXprime". A part of the result was presented at DIAC, and a preliminary version of this paper appears in the proceedings of FSE 2013. This is the full version.

Metadata

Available format(s): PDF
Publication info: Published elsewhere. Unknown where it was published
Keywords: Authenticated Encryption EAX EAX Attack Provable Security
Contact author(s): k-minematsu @ ah jp nec com
History: 2013-05-14: last of 4 revisions; 2012-01-14: received; See all versions
Short URL: https://ia.cr/2012/018
License: CC BY

BibTeX

@misc{cryptoeprint:2012/018,
      author = {Kazuhiko Minematsu and Stefan Lucks and Hiraku Morita and Tetsu Iwata},
      title = {Attacks and Security Proofs of {EAX}-Prime},
      howpublished = {Cryptology {ePrint} Archive, Paper 2012/018},
      year = {2012},
      url = {https://eprint.iacr.org/2012/018}
}