A practical forgery and state recovery attack on the authenticated cipher PANDA-s

Xiutao FENG, Fan ZHANG, and Hui WANG

Abstract

PANDA is a family of authenticated ciphers submitted to CAESAR, consisting of two ciphers: PANDA-s and PANDA-b. In this work we present a state recovery attack against PANDA-s with time complexity about $2^{41}$ under the known-plaintext-attack model, which needs 137 pairs of known plaintext/ciphertext and about 2 GB of memory. Our attack is practical on a small workstation. Based on the above attack, we further derive a forgery attack against PANDA-s, which can forge a legal ciphertext $(C,T)$ of an arbitrary plaintext $P$. The results show that PANDA-s is insecure.

Metadata
Category
Secret-key cryptography
Publication info
Preprint. Minor revision.
Keywords
CAESAR, PANDA, state recovery attack, forgery attack
Contact author(s)
fengxt @ amss ac cn
History
2014-05-10: received
Short URL
https://ia.cr/2014/325
License

CC BY

BibTeX

@misc{cryptoeprint:2014/325,
author = {Xiutao FENG and Fan ZHANG and Hui WANG},
title = {A practical forgery and state recovery attack on the authenticated cipher PANDA-s},
howpublished = {Cryptology ePrint Archive, Paper 2014/325},
year = {2014},
note = {\url{https://eprint.iacr.org/2014/325}},
url = {https://eprint.iacr.org/2014/325}
}