Paper 2018/066

Tweaking Generic OTR to Avoid Forgery Attacks

Hassan Qahur Al Mahri, Leonie Simpson, Harry Bartlett, Ed Dawson, and Kenneth Koon-Ho Wong

Abstract

This paper considers the security of the Offset Two-Round (OTR) authenticated encryption mode \cite{cryptoeprint:2013:628} with respect to forgery attacks. The current version of OTR gives a security proof for specific choices of the block size $n$ and the primitive polynomial used to construct the finite field $\mathbb{F}_{2^n}$. Although the OTR construction is generic, the security proof is not: for every choice of finite field, the distinctness of the masking coefficients must be verified to ensure security. In this paper, we show that some primitive polynomials result in collisions among the masking coefficients used in the current instantiation, from which forgeries can be constructed. We propose a new way to instantiate OTR so that the masking coefficients are distinct in every finite field $\mathbb{F}_{2^n}$, thus generalising OTR without reducing its security.
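The check the abstract calls for, carried out on a toy field as an added example (not code from the paper): for every primitive polynomial of degree 8 it builds $\mathbb{F}_{2^8}$ and tests whether doubling-based masking coefficients stay pairwise distinct. The mask family $\{2^i L, 3 \cdot 2^i L\}$ is an assumed stand-in for OTR's actual coefficient set; under that assumption a collision appears exactly when the discrete logarithm of 3 to base 2 is smaller than the number of blocks, so the same doubling routine that generates the masks also finds the collision.

```python
# Toy check of the property in the abstract: do OTR-style masking coefficients
# stay pairwise distinct in F_{2^n} for a given primitive polynomial? Added
# example, not the paper's code; {2^i, 3*2^i} is an assumed stand-in mask set.
def xtime(a, poly, n):
    """Multiply a by x (the field element '2') modulo poly."""
    a <<= 1
    if a >> n:                 # degree reached n: reduce by the modulus
        a ^= poly
    return a

def is_primitive(poly, n):
    """x has order exactly 2^n - 1 iff poly is primitive of degree n."""
    if poly >> n != 1 or not poly & 1:
        return False
    a = 1
    for k in range(1, 2 ** n):
        a = xtime(a, poly, n)
        if a == 1:
            return k == 2 ** n - 1
    return False

def discrete_log(poly, n, target):
    """Smallest k with 2^k == target, or -1 if target is not a power of 2."""
    a = 1
    for k in range(2 ** n - 1):
        if a == target:
            return k
        a = xtime(a, poly, n)
    return -1

def masks_distinct(poly, n, m):
    """True iff the 2m coefficients 2^i and 3*2^i (i < m) are all distinct."""
    seen, a = set(), 1
    for _ in range(m):
        # 3*2^i = (x + 1)*2^i = 2^i + 2^(i+1)
        for c in (a, a ^ xtime(a, poly, n)):
            if c in seen:      # two block positions would share a mask
                return False
            seen.add(c)
        a = xtime(a, poly, n)
    return True

def primitive_polys(n):
    """All primitive polynomials of degree n (brute force; fine for small n)."""
    return [p for p in range(1 << n, 1 << (n + 1)) if is_primitive(p, n)]

if __name__ == "__main__":
    for p in primitive_polys(8):
        print(hex(p), "log_2(3) =", discrete_log(p, 8, 3))
```

For the common polynomial 0x11D the logarithm of 3 is 25, so under the assumed mask family a 26-block message already reuses a mask; the same functions run unchanged for n = 128, where the discrete logarithm is searched only up to a practical block-count bound.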

Metadata

Available format(s): PDF
Category: Secret-key cryptography
Publication info: Published elsewhere. International Conference on Applications and Techniques in Information Security, ATIS 2016
DOI: 10.1007/978-981-10-2741-3_4
Keywords: Authenticated encryption, OTR, confidentiality, integrity, forgery attack, tweakable block cipher, symmetric encryption, AEAD
Contact author(s): hassan mahri @ hdr qut edu au
History: 2018-01-18: received
Short URL: https://ia.cr/2018/066
License: Creative Commons Attribution (CC BY)

BibTeX

@misc{cryptoeprint:2018/066,
      author = {Hassan Qahur Al Mahri and Leonie Simpson and Harry Bartlett and Ed Dawson and Kenneth Koon-Ho Wong},
      title = {Tweaking Generic OTR to Avoid Forgery Attacks},
      howpublished = {Cryptology ePrint Archive, Paper 2018/066},
      year = {2018},
      doi = {10.1007/978-981-10-2741-3_4},
      note = {\url{https://eprint.iacr.org/2018/066}},
      url = {https://eprint.iacr.org/2018/066}
}