Cryptology ePrint Archive: Report 2017/1137

Note on the Robustness of CAESAR Candidates

Daniel Kales and Maria Eichlseder and Florian Mendel

Abstract: Authenticated ciphers rely on the uniqueness of the nonces to meet their security goals. In this work, we investigate the implications of reusing nonces for three third-round candidates of the ongoing CAESAR competition, namely Tiaoxin, AEGIS and MORUS. We show that an attacker that is able to force nonces to be reused can reduce the security of the ciphers with results ranging from full key-recovery to forgeries with practical complexity and a very low number of nonce-misuse queries.

Category / Keywords: secret-key cryptography / Cryptanalysis, Nonce-misuse attacks, CAESAR

Date: received 23 Nov 2017

Contact author: maria eichlseder at iaik tugraz at


Version: 20171127:131911
