Paper 2017/1137

Note on the Robustness of CAESAR Candidates

Daniel Kales, Maria Eichlseder, and Florian Mendel

Abstract

Authenticated ciphers rely on the uniqueness of the nonces to meet their security goals. In this work, we investigate the implications of reusing nonces for three third-round candidates of the ongoing CAESAR competition, namely Tiaoxin, AEGIS and MORUS. We show that an attacker that is able to force nonces to be reused can reduce the security of the ciphers with results ranging from full key-recovery to forgeries with practical complexity and a very low number of nonce-misuse queries.

Metadata

Available format(s): PDF
Category: Secret-key cryptography
Publication info: Preprint. MINOR revision.
Keywords: Cryptanalysis, Nonce-misuse attacks, CAESAR
Contact author(s): maria eichlseder @ iaik tugraz at
History: 2017-11-27: received
Short URL: https://ia.cr/2017/1137
License: Creative Commons Attribution (CC BY)

BibTeX

@misc{cryptoeprint:2017/1137,
      author = {Daniel Kales and Maria Eichlseder and Florian Mendel},
      title = {Note on the Robustness of CAESAR Candidates},
      howpublished = {Cryptology ePrint Archive, Paper 2017/1137},
      year = {2017},
      note = {\url{https://eprint.iacr.org/2017/1137}},
      url = {https://eprint.iacr.org/2017/1137}
}