Cryptanalysis of ForkAES

Subhadeep Banik, Jannis Bossert, Amit Jana, Eik List, Stefan Lucks, Willi Meier, Mostafizar Rahman, Dhiman Saha, and Yu Sasaki

Abstract

Forkciphers are a new kind of primitive recently proposed by Andreeva et al. for efficient encryption and authentication of small messages. They fork the middle state of a cipher and encrypt it twice under two smaller independent permutations. Thus, forkciphers produce two output blocks in one primitive call. Andreeva et al. proposed ForkAES, a tweakable AES-based forkcipher that splits the state after five out of ten rounds. While their authenticated encryption schemes were accompanied by proofs, no dedicated security discussion for ForkAES was provided; its security was instead founded on existing results on the AES and KIASU-BC. Forkciphers provide a unique interface called reconstruction queries, which take one ciphertext block as input and compute the respective other ciphertext block. Thus, they deserve a careful security analysis. This work fosters the understanding of the security of ForkAES with three contributions: (1) We observe that security under reconstruction queries differs strongly from the existing results on the AES. This allows attacking nine out of ten rounds with differential, impossible-differential and yoyo attacks. (2) We observe that some forkcipher modes may lack the interface of reconstruction queries, so that attackers must use encryption queries. We show that nine rounds can still be attacked with rectangle and impossible-differential attacks. (3) We present forgery attacks on the AE modes proposed by Andreeva et al. with nine-round ForkAES.
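A constructed toy forkcipher, added here and not code from the paper or from Andreeva et al.'s ForkAES, that makes the three interfaces named in the abstract concrete: an encryption query returning both blocks, inversion of one branch, and a reconstruction query from one ciphertext block to the other. The 64-bit ARX round, the tweakey schedule and the round counts are assumptions for illustration only.

```python
# Constructed toy forkcipher with the interface the abstract describes:
# common rounds, a fork of the middle state, two branches under independent
# round keys, and reconstruction queries C_i -> C_{1-i}. The 64-bit ARX round,
# the tweakey schedule and the round counts are assumptions; NOT ForkAES/AES.
MASK = (1 << 64) - 1
MUL = 0x9E3779B97F4A7C15              # odd, hence invertible modulo 2^64
MUL_INV = pow(MUL, -1, 1 << 64)

def rotl(x, n):
    return ((x << n) | (x >> (64 - n))) & MASK

def round_fwd(s, rk):
    """Toy invertible round: tweakey addition, rotation, odd multiplication."""
    return (rotl(s ^ rk, 13) * MUL) & MASK

def round_inv(s, rk):
    return rotl((s * MUL_INV) & MASK, 64 - 13) ^ rk

def round_keys(key, tweak, n):
    """Toy tweakey schedule (assumption): rotated key xor tweak xor round index."""
    return [rotl(key, (7 * i) % 64) ^ tweak ^ i for i in range(n)]

class ToyForkCipher:
    def __init__(self, key, tweak, r_common=5, r_branch=5):
        rk = round_keys(key, tweak, r_common + 2 * r_branch)
        self.common = rk[:r_common]
        self.branch = (rk[r_common:r_common + r_branch], rk[r_common + r_branch:])

    def _apply(self, s, keys, inverse=False):
        for rk in (reversed(keys) if inverse else keys):
            s = round_inv(s, rk) if inverse else round_fwd(s, rk)
        return s

    def encrypt(self, p):
        """Encryption query: one call yields both output blocks (C0, C1)."""
        mid = self._apply(p, self.common)                 # rounds up to the fork
        return self._apply(mid, self.branch[0]), self._apply(mid, self.branch[1])

    def decrypt(self, c, side):
        """Inversion: undo branch `side`, then the common rounds."""
        mid = self._apply(c, self.branch[side], inverse=True)
        return self._apply(mid, self.common, inverse=True)

    def reconstruct(self, c, side):
        """Reconstruction query: undo branch `side` to the fork state, then
        re-encrypt through the other branch. The common rounds are never
        traversed, which is why this interface needs its own analysis."""
        mid = self._apply(c, self.branch[side], inverse=True)
        return self._apply(mid, self.branch[1 - side])
```

With the default round counts, an encryption query traverses r_common + r_branch rounds from plaintext to either output, while a reconstruction query traverses only the 2 * r_branch branch rounds, never the common ones.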

Category
Secret-key cryptography
Publication info
Published elsewhere. MAJOR revision. ACNS 2019
Keywords
Symmetric-key cryptography, cryptanalysis, tweakable block cipher, impossible differential, boomerang, yoyo, AE
Contact author(s)
sasaki yu @ lab ntt co jp
History
2019-04-18: revised
Short URL
https://ia.cr/2019/289

CC BY

BibTeX

@misc{cryptoeprint:2019/289,
author = {Subhadeep Banik and Jannis Bossert and Amit Jana and Eik List and Stefan Lucks and Willi Meier and Mostafizar Rahman and Dhiman Saha and Yu Sasaki},
title = {Cryptanalysis of ForkAES},
howpublished = {Cryptology ePrint Archive, Paper 2019/289},
year = {2019},
note = {\url{https://eprint.iacr.org/2019/289}},
url = {https://eprint.iacr.org/2019/289}
}
