### Analyzing the Provable Security Bounds of GIFT-COFB and Photon-Beetle

Akiko Inoue, Tetsu Iwata, and Kazuhiko Minematsu

##### Abstract

We study the provable security claims of two NIST Lightweight Cryptography (LwC) finalists, GIFT-COFB and Photon-Beetle, and present several attacks whose complexities contradict their claimed bounds in their final round specification documents. For GIFT-COFB, we show an attack using $q_e$ encryption queries and no decryption query to break privacy (IND-CPA). The success probability is $O(q_e/2^{n/2})$ for $n$-bit block while the claimed bound contains $O(q^2_e/2^{n})$. This positively solves an open question posed in~[Khairallah, ePrint~2021/648 (also accepted at FSE~2022)]. For Photon-Beetle, we show an attack using $q_e$ encryption queries (using a small number of input blocks) followed by a single decryption query and no primitive query to break authenticity (INT-CTXT). The success probability is $O(q^2_e/2^{b})$ for a $b$-bit block permutation, and it is significantly larger than what the claimed bound tells, which is independent of the number of encryption queries. We also show a simple tag guessing attack that violates the INT-CTXT bound when the rate $r=32$. Then, we analyze other (improved/modified) bounds of Photon-Beetle shown in the subsequent papers~[Chakraborty et al., ToSC 2020(2) and Chakraborty et al., ePrint~2019/1475]. As a side result of our security analysis of Photon-Beetle, we point out that a simple and efficient forgery attack is possible in the related-key setting. We emphasize that our results do not contradict the claimed bit security'' in the LwC specification documents for any of the schemes that we studied. That is, we do not negate the claims that GIFT-COFB is $(n/2 - \log n)$-bit secure for $n=128$, and Photon-Beetle is $(b/2 - \log b/2)$-bit secure for $b=256$ and $r=128$, where $r$ is a rate. We also note that the security against related-key attacks is not included in the security requirements of NIST LwC, and is not claimed by the designers.

Available format(s)
Category
Secret-key cryptography
Publication info
Published elsewhere. ACNS 2022
Keywords
Contact author(s)
a_inoue @ nec com
tetsu iwata @ nagoya-u jp
k-minematsu @ nec com
History
2022-03-30: revised
See all versions
Short URL
https://ia.cr/2022/001

CC BY

BibTeX

@misc{cryptoeprint:2022/001,
author = {Akiko Inoue and Tetsu Iwata and Kazuhiko Minematsu},
title = {Analyzing the Provable Security Bounds of GIFT-COFB and Photon-Beetle},
howpublished = {Cryptology ePrint Archive, Paper 2022/001},
year = {2022},
note = {\url{https://eprint.iacr.org/2022/001}},
url = {https://eprint.iacr.org/2022/001}
}

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.