Paper 2018/464
Cryptanalysis of MORUS
Abstract
MORUS is a high-performance authenticated encryption algorithm submitted to the CAESAR competition, and recently selected as a finalist.There are three versions of MORUS: MORUS-640 with a 128-bit key, and MORUS-1280 with 128-bit or 256-bit keys. For all versions the security claim for confidentiality matches the key size.In this paper, we analyze the components of this algorithm (initialization, state update and tag generation), and report several results.
As our main result, we present a linear correlation in the keystream of full MORUS, which can be used to distinguish its output from random and to recover some plaintext bits in the broadcast setting.For MORUS-1280, the correlation is
Metadata
- Available format(s)
-
PDF
- Category
- Secret-key cryptography
- Publication info
- A minor revision of an IACR publication in ASIACRYPT 2018
- DOI
- 10.1007/978-3-030-03329-3_2
- Keywords
- MORUSCAESARAuthenticated EncryptionNonce RespectingLinear CryptanalysisConfidentiality
- Contact author(s)
- brice minaud @ gmail com
- History
- 2024-06-07: last of 2 revisions
- 2018-05-21: received
- See all versions
- Short URL
- https://ia.cr/2018/464
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2018/464, author = {Tomer Ashur and Maria Eichlseder and Martin M. Lauridsen and Gaëtan Leurent and Brice Minaud and Yann Rotella and Yu Sasaki and Benoît Viguier}, title = {Cryptanalysis of {MORUS}}, howpublished = {Cryptology {ePrint} Archive, Paper 2018/464}, year = {2018}, doi = {10.1007/978-3-030-03329-3_2}, url = {https://eprint.iacr.org/2018/464} }