Paper 2022/111

Breaking Panther

Christina Boura, Rachelle Heim Boissier, and Yann Rotella

Abstract

Panther is a sponge-based lightweight authenticated encryption scheme published at Indocrypt 2021. Its round function is based on four Nonlinear Feedback Shift Registers (NFSRs). We show here that it is possible to fully recover the secret key of the construction by using a single known plaintext-ciphertext pair and with minimal computational ressources. Furthermore, we show that in a known ciphertext setting an attacker is able with the knowledge of a single ciphertext to decrypt all plaintext blocks expect for the very first ones and can forge the tag with only one call and probability one. As we demonstrate, the problem of the design comes mainly from the low number of iterations of the round function during the absorption phase. All of our attacks have been implemented and validated.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Preprint. MINOR revision.
Keywords
cryptanalysispanther
Contact author(s)
rachelle heim @ uvsq fr
christina boura @ uvsq fr
yann rotella @ uvsq fr
History
2022-01-31: received
Short URL
https://ia.cr/2022/111
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2022/111,
      author = {Christina Boura and Rachelle Heim Boissier and Yann Rotella},
      title = {Breaking Panther},
      howpublished = {Cryptology ePrint Archive, Paper 2022/111},
      year = {2022},
      note = {\url{https://eprint.iacr.org/2022/111}},
      url = {https://eprint.iacr.org/2022/111}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.