Paper 2020/1463
Observations on the Tightness of the Security Bounds of GIFT-COFB and HyENA
Mustafa Khairallah
Abstract
In this article, we analyze and investigate two authenticated encryption algorithms: GIFT-COFB and HyENA. The two modes differ in some low-level details in both the design and security proofs. However, they share a lot of similarities. We take a look at the best-known attacks and security proofs of these designs. First, we show that the best-known attack does not match the security bounds provided by the designers in the security proof. Second, we give a new attack that we characterize as an "almost matching" attack. It is significantly closer to the provable security bounds. The new attack requires $O(2^{n/4})$ encryptions and $O(2^{n/2})$ decryptions, as opposed to $O(2^{n/2})$ encryptions and $O(2^{n/2})$ decryptions shown previously. However, there is still a substantial logarithmic gap between this attack and the corresponding security bound. Next, we analyze why this gap still exists and why it is unlikely to find matching attacks. We give two arguments. The first argument is by analyzing the security proof and showing how it masks a term with non-negligible encryption complexity. The second argument looks at the attacker's point of view. A successful attack requires satisfying a non-trivial linear equation over secret random variables. Satisfying such an equation requires more decryption queries than what is bounded by the security proof. It is worth emphasizing that the analysis and attacks presented in this paper do not threaten the security claims made by the designers or the security of these designs within the parameters required by the NIST lightweight cryptography project. The results increase confidence in the security claims of GIFT-COFB and HyENA while showing their limitations by relying mostly on bounding the number of unsuccessful forgeries.
Metadata
- Category: Secret-key cryptography
- Publication info: Preprint. MINOR revision.
- Contact author(s): MUSTAFAM001 @ e ntu edu sg
- History:
  - 2021-05-18: revised
  - 2020-11-24: received
- Short URL: https://ia.cr/2020/1463
- License: CC BY
BibTeX
@misc{cryptoeprint:2020/1463,
  author = {Mustafa Khairallah},
  title = {Observations on the Tightness of the Security Bounds of {GIFT}-{COFB} and {HyENA}},
  howpublished = {Cryptology {ePrint} Archive, Paper 2020/1463},
  year = {2020},
  url = {https://eprint.iacr.org/2020/1463}
}