Abstract
In this paper, we cryptanalyze three authenticated ciphers: AVALANCHE, Calico, and RBS. While the former two are contestants in the ongoing international CAESAR competition for authenticated encryption schemes, the latter has recently been proposed for lightweight applications such as RFID systems and wireless networks.
All these schemes use well-established and secure components such as the AES, Grain-like NFSRs, ChaCha and SipHash as their building blocks. However, we discover key recovery attacks for all three designs, featuring square-root complexities. Using a key collision technique, we can recover the secret key of AVALANCHE in \(2^{n/2}\), where \(n\in \{128,192,256\}\) is the key length. This technique also applies to the authentication part of Calico whose 128-bit key can be recovered in \(2^{64}\) time. For RBS, we can recover its full 132-bit key in \(2^{65}\) time with a guess-and-determine attack. All attacks also allow the adversary to mount universal forgeries.
Acknowledgments
The work has been supported in part by the Austrian government through the research program FIT-IT Trust in IT Systems (project 835919) and by the Austrian Science Fund (project P26494-N15).
© 2015 Springer International Publishing Switzerland
Cite this paper
Bogdanov, A. et al. (2015). Key Recovery Attacks on Recent Authenticated Ciphers. In: Aranha, D., Menezes, A. (eds) Progress in Cryptology - LATINCRYPT 2014. LATINCRYPT 2014. Lecture Notes in Computer Science(), vol 8895. Springer, Cham. https://doi.org/10.1007/978-3-319-16295-9_15
DOI: https://doi.org/10.1007/978-3-319-16295-9_15
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-16294-2
Online ISBN: 978-3-319-16295-9