Cryptology ePrint Archive: Report 2019/457

Forgery Attack on mixFeed in the Nonce-Misuse Scenario

Mustafa Khairallah

Abstract: mixFeed [CN19] is a round 1 candidate for the NIST Lightweight Cryptography Standardization Project. It is a single-pass, nonce-based, AES-based authenticated encryption algorithm. The authors claim that, while no confidentiality guarantees are given in case of nonce misuse (repetition), integrity security still holds up to 2^32 data complexity. In this report, we show that this claim does not hold when the plaintext length is non-zero (≥ 16 bytes, to be exact). We present a forgery attack that requires only two encryption queries with the same nonce and 34 bytes of data.

Category / Keywords: secret-key cryptography / AEAD, forgery, mixFeed, Nonce Misuse, collision

Date: received 6 May 2019

Contact author: mustafam001 at e ntu edu sg


Version: 20190510:122051

Short URL: ia.cr/2019/457
