Paper 2024/1328

A Note on ARADI and LLAMA

Roberto Avanzi, University of Haifa
Orr Dunkelman, University of Haifa
Shibam Ghosh, University of Haifa
Abstract

Recently, the NSA has proposed a block cipher called ARADI and a mode of operation called LLAMA for memory encryption applications. In this note, we comment on this proposal, on its suitability for the intended application, and describe an attack on LLAMA that breaks confidentiality of ciphertext and allows a straightforward forgery attack breaking integrity of ciphertext (INT-CTXT) using a related-IV attack. Both attacks have negligible complexity.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Preprint.
Keywords
Block Ciphers, Lightweight Cryptography, Modes of Operation, Memory Encryption
Contact author(s)
roberto avanzi @ gmail com
orrd @ cs haifa ac il
sghosh03 @ campus haifa ac il
History
2024-08-31: last of 2 revisions
2024-08-24: received
Short URL
https://ia.cr/2024/1328
License
Creative Commons Attribution-NonCommercial-ShareAlike
CC BY-NC-SA

BibTeX

@misc{cryptoeprint:2024/1328,
      author = {Roberto Avanzi and Orr Dunkelman and Shibam Ghosh},
      title = {A Note on {ARADI} and {LLAMA}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/1328},
      year = {2024},
      url = {https://eprint.iacr.org/2024/1328}
}