Paper 2025/1203
Breaking The Authenticated Encryption scheme HiAE
Abstract
HiAE is the fastest AEAD solution on ARM chips to date, utilizing AES round functions while also setting a new performance benchmark on the latest x86 processors. In this paper, we employ algebraic techniques to investigate the security of HiAE. Our findings reveal that HiAE is vulnerable. Firstly, we employ the meet-in-the-middle technique and guess-and-determine technique to recover the state and derive a key-related equation resulting from two layers of AES round functions. Secondly, by adopting an algebraic approach to study the properties of the round function, we decompose the equation into byte-level equations for divide-and-conquer. Finally, we utilize the guess-and-determine technique to recover the key. Collectively, these techniques enable us to present the first full key-recovery attack on HiAE. Our attack achieves a data complexity of $2^{130}$ and a time complexity of approximately $2^{209}$, leveraging both encryption and decryption oracles with a success probability of 1. In a single-key and nonce-respecting scenario, the attack fully recovers the 256-bit key, breaking the claimed 256-bit security against key-recovery attacks.
Metadata
- Available format(s)
-
PDF
- Category
- Attacks and cryptanalysis
- Publication info
- Preprint.
- Keywords
- HiAEAlgebraic attackMeet-in-the-middleGuess-and-determine
- Contact author(s)
-
xchao_h @ 163 com
jiaolin_jl @ 126 com - History
- 2025-06-30: approved
- 2025-06-27: received
- See all versions
- Short URL
- https://ia.cr/2025/1203
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2025/1203,
author = {Xichao Hu and Lin Jiao and Dengguo Feng and Yonglin Hao and Senpeng Wang and Yongqiang Li and Xinxin Gong},
title = {Breaking The Authenticated Encryption scheme {HiAE}},
howpublished = {Cryptology {ePrint} Archive, Paper 2025/1203},
year = {2025},
url = {https://eprint.iacr.org/2025/1203}
}
