Cryptology ePrint Archive: Report 2022/369

Matching Attacks on Romulus-M

Makoto Habu and and Kazuhiko Minematsu and Tetsu Iwata

Abstract: This paper considers a problem of identifying matching attacks against Romulus-M, one of the ten finalists of NIST Lightweight Cryptography standardization project. Romulus-M is provably secure, i.e., there is a theorem statement showing the upper bound on the success probability of attacking the scheme as a function of adversaries' resources. If there exists an attack that matches the provable security bound, then this implies that the attack is optimal, and that the bound is tight in the sense that it cannot be improved. We show that the security bounds of Romulus-M are tight for a large class of parameters by presenting concrete matching attacks.

Category / Keywords: secret-key cryptography / Lightweight cryptography, Authenticated encryption with associated data, Provable security, Romulus-M, Tightness, Matching attack

Date: received 20 Mar 2022

Contact author: habu makoto at f mbox nagoya-u ac jp, tetsu iwata at nagoya-u jp, k-minematsu at nec com

Available format(s): PDF | BibTeX Citation

Version: 20220322:132535 (All versions of this report)

Short URL: ia.cr/2022/369


[ Cryptology ePrint archive ]