Paper 2023/1495

Key Committing Security Analysis of AEGIS

Takanori Isobe, University of Hyogo
Mostafizar Rahman, University of Hyogo

Recently, there has been a surge of interest in the security of authenticated encryption with associated data (AEAD) within the context of key commitment frameworks. Security within this framework ensures that a ciphertext chosen by an adversary does not decrypt to two different sets of key, nonce, and associated data. Despite this increasing interest, the security of several widely deployed AEAD schemes has not been thoroughly examined within this framework. In this work, we assess the key committing security of AEGIS, which emerged as a winner in the Competition for Authenticated Encryption: Security, Applicability, and Robustness (CAESAR). A recent assertion has been made suggesting that there are no known attacks on AEGIS in the key committing settings and AEGIS qualifies as a fully committing AEAD scheme in IETF document. However, contrary to this claim, we propose a novel O(1) attack applicable to all variants of AEGIS. This demonstrates the ability to execute a key committing attack within the FROB game setting, which is known to be one of the most stringent key committing frameworks. This implies that our attacks also hold validity in other, more relaxed frameworks, such as CMT-1, CMT-4, and so forth.

Available format(s)
Attacks and cryptanalysis
Publication info
AEGISKey Commitment
Contact author(s)
takanori isobe @ ai u-hyogo ac jp
mrahman454 @ gmail com
2023-10-06: last of 3 revisions
2023-09-30: received
See all versions
Short URL
Creative Commons Attribution


      author = {Takanori Isobe and Mostafizar Rahman},
      title = {Key Committing Security Analysis of AEGIS},
      howpublished = {Cryptology ePrint Archive, Paper 2023/1495},
      year = {2023},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.