Paper 2015/392

Forgery Attacks on round-reduced ICEPOLE-128

Christoph Dobraunig, Maria Eichlseder, and Florian Mendel

Abstract

ICEPOLE is a family of authenticated encryptions schemes submitted to the ongoing CAESAR competition and in addition presented at CHES 2014. To justify the use of ICEPOLE, or to point out potential weaknesses, third-party cryptanalysis is needed. In this work, we evaluate the resistance of ICEPOLE-128 against forgery attacks. By using differential cryptanalysis, we are able to create forgeries from a known ciphertext-tag pair with a probability of $2^{-60.3}$ for a round-reduced version of ICEPOLE-128, where the last permutation is reduced to 4 (out of 6) rounds. This is a noticeable advantage compared to simply guessing the right tag, which works with a probability of $2^{-128}$. As far as we know, this is the first published attack in a nonce-respecting setting on round-reduced versions of ICEPOLE-128.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. SAC 2015
Keywords
CAESARICEPOLEforgerydifferential cryptanalysis
Contact author(s)
christoph dobraunig @ iaik tugraz at
History
2016-04-11: last of 2 revisions
2015-04-29: received
See all versions
Short URL
https://ia.cr/2015/392
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2015/392,
      author = {Christoph Dobraunig and Maria Eichlseder and Florian Mendel},
      title = {Forgery Attacks on round-reduced {ICEPOLE}-128},
      howpublished = {Cryptology {ePrint} Archive, Paper 2015/392},
      year = {2015},
      url = {https://eprint.iacr.org/2015/392}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.