Paper 2021/931
Practical Key Recovery Attacks on FlexAEAD
Abstract
FlexAEAD is a block cipher candidate submitted to the NIST Lightweight Cryptography standardization project, based on repeated application of an Even-Mansour construction. In order to optimize performance, the designers chose a relatively small number of rounds, using properties of the mode and bounds on differential and linear characteristics to substantiate their security claims. Due to a forgery attack with complexity
Note: This paper is partially based on a paper presented at the IMACC 2019 workshop (https://ia.cr/2019/679). The main results of the paper are new.
Metadata
- Available format(s)
-
PDF
- Category
- Secret-key cryptography
- Publication info
- Published elsewhere. Minor revision. Designs, Codes and Cryptography (DCC)
- DOI
- 10.1007/s10623-022-01023-5
- Keywords
- Authenticated encryptionNIST LWCpractical key recoverytruncated differential
- Contact author(s)
-
orrd @ cs haifa ac il
maria eichlseder @ iaik tugraz at
daniel kales @ iaik tugraz at
nkeller @ math biu ac il
gaetan leurent @ inria fr
markus schofnegger @ iaik tugraz at - History
- 2024-06-07: revised
- 2021-07-09: received
- See all versions
- Short URL
- https://ia.cr/2021/931
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2021/931,
author = {Orr Dunkelman and Maria Eichlseder and Daniel Kales and Nathan Keller and Gaëtan Leurent and Markus Schofnegger},
title = {Practical Key Recovery Attacks on {FlexAEAD}},
howpublished = {Cryptology {ePrint} Archive, Paper 2021/931},
year = {2021},
doi = {10.1007/s10623-022-01023-5},
url = {https://eprint.iacr.org/2021/931}
}
