Paper 2023/1525

Committing AE from Sponges: Security Analysis of the NIST LWC Finalists

Juliane Krämer, University of Regensburg
Patrick Struck, University of Konstanz
Maximiliane Weishäupl, University of Regensburg
Abstract

Committing security has gained considerable attention in the field of authenticated encryption (AE). This can be traced back to a line of recent attacks, which entail that AE schemes used in practice should not only provide confidentiality and authenticity, but also committing security. Roughly speaking, a committing AE scheme guarantees that ciphertexts will decrypt only for one key. Despite the recent research effort in this area, the finalists of the NIST lightweight cryptography standardization process have not been put under consideration yet. We close this gap by providing an analysis of these schemes with respect to their committing security. Despite the structural similarities the finalists exhibit, our results are of a quite heterogeneous nature: We break four of the schemes with effectively no costs, while for two schemes our attacks are costlier, yet still efficient. For the remaining three schemes ISAP, Ascon, and (a slightly modified version of) Schwaemm, we give formal security proofs. Our analysis reveals that sponges—due to their large states—are more favorable for committing security compared to block-ciphers.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Preprint.
Keywords
Committing security, Authenticated encryption, NIST LWC
Contact author(s)
juliane kraemer @ ur de
patrick struck @ uni-konstanz de
maximiliane weishaeupl @ ur de
History
2024-02-23: revised
2023-10-06: received
Short URL
https://ia.cr/2023/1525
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2023/1525,
      author = {Juliane Krämer and Patrick Struck and Maximiliane Weishäupl},
      title = {Committing {AE} from Sponges: Security Analysis of the {NIST} {LWC} Finalists},
      howpublished = {Cryptology {ePrint} Archive, Paper 2023/1525},
      year = {2023},
      url = {https://eprint.iacr.org/2023/1525}
}