Paper 2014/197

Breaking POET Authentication with a Single Query

Jian Guo, Jérémy Jean, Thomas Peyrin, and Wang Lei


In this short article, we describe a very practical and simple attack on the authentication part of POET authenticated encryption mode proposed at FSE 2014. POET is a provably secure scheme that was designed to resist various attacks where the adversary is allowed to repeat the nonce, or even when the message is output before verifying the validity of the tag when querying the decryption oracle. However, we demonstrate that using only a single encryption query and a negligible amount of computations, even without any special misuse from the attacker, it is possible to generate many valid ciphertext/tag pairs for POET. Our work shows that one should not use POET for any application where authentication property is required. Furthermore, we propose a possible patch to overcome this particular issue, yet without backing up this patch with a security proof.

Available format(s)
Secret-key cryptography
Publication info
Preprint. MINOR revision.
authenticated encryptionCAESARPOEPOETcryptanalysisauthenticity
Contact author(s)
thomas peyrin @ ntu edu sg
2014-03-16: revised
2014-03-14: received
See all versions
Short URL
Creative Commons Attribution


      author = {Jian Guo and Jérémy Jean and Thomas Peyrin and Wang Lei},
      title = {Breaking POET Authentication with a Single Query},
      howpublished = {Cryptology ePrint Archive, Paper 2014/197},
      year = {2014},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.