Paper 2015/392

Forgery Attacks on round-reduced ICEPOLE-128

Christoph Dobraunig, Maria Eichlseder, and Florian Mendel


ICEPOLE is a family of authenticated encryptions schemes submitted to the ongoing CAESAR competition and in addition presented at CHES 2014. To justify the use of ICEPOLE, or to point out potential weaknesses, third-party cryptanalysis is needed. In this work, we evaluate the resistance of ICEPOLE-128 against forgery attacks. By using differential cryptanalysis, we are able to create forgeries from a known ciphertext-tag pair with a probability of $2^{-60.3}$ for a round-reduced version of ICEPOLE-128, where the last permutation is reduced to 4 (out of 6) rounds. This is a noticeable advantage compared to simply guessing the right tag, which works with a probability of $2^{-128}$. As far as we know, this is the first published attack in a nonce-respecting setting on round-reduced versions of ICEPOLE-128.

Available format(s)
Secret-key cryptography
Publication info
Published elsewhere. SAC 2015
CAESARICEPOLEforgerydifferential cryptanalysis
Contact author(s)
christoph dobraunig @ iaik tugraz at
2016-04-11: last of 2 revisions
2015-04-29: received
See all versions
Short URL
Creative Commons Attribution


      author = {Christoph Dobraunig and Maria Eichlseder and Florian Mendel},
      title = {Forgery Attacks on round-reduced ICEPOLE-128},
      howpublished = {Cryptology ePrint Archive, Paper 2015/392},
      year = {2015},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.