Nothing Special   »   [go: up one dir, main page]

Skip to main content

Gain: Practical Key-Recovery Attacks on Round-reduced PAEQ

  • Conference paper
  • First Online:
Security, Privacy, and Applied Cryptography Engineering (SPACE 2016)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 10076))

Abstract

This work presents practical key-recovery attacks on round-reduced variants of CAESAR Round 2 candidate PAEQ by analyzing it in the light of guess-and-determine analysis. The attack developed here targets the mode of operation along with diffusion inside the AES based internal permutation AESQ. The first attack uses a guess-and-invert technique leading to a meet-in-the-middle attack that is able to recover the key for 6 out of the 20 rounds of paeq-64/80/128 with reduced key entropy of \(1,2^{16}\) and \(2^{32}\) respectively. The second analysis extends the attack to 7 rounds using a invert-and-guess strategy which results in reduced key-space of \(2^{24},2^{32}\) and \(2^{40}\) for the same PAEQ variants. Finally, an 8-round attack is mounted using a guess-invert-guess strategy which works on any of the three variants with a complexity of \(2^{48}\). Moreover, unlike the CICO attack mounted by the designers which works with only AESQ, our 8-round attack additionally takes into account the mode of operation of PAEQ.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    It is understood that here 2|n.

  2. 2.

    The unknown byte of the input column.

  3. 3.

    Except the last branch when the last message block is incomplete. This is because for last incomplete block output is further truncated resulting in loss of information available to the attacker.

References

  1. Al Fardan, N.J., Paterson, K.G.: Lucky thirteen: breaking the TLS and DTLS record protocols. In: IEEE Symposium on Security and Privacy 2013, pp. 526–540. IEEE (2013)

    Google Scholar 

  2. Alex Biryukov, D.K.: PAEQ v1 (2014). http://competitions.cr.yp.to/round1/paeqv1.pdf

  3. Bagheri, N., Mendel, F., Sasaki, Y.: Improved rebound attacks on AESQ: core permutation of CAESAR candidate PAEQ. In: Liu, J.K., Steinfeld, R. (eds.) ACISP 2016. LNCS, vol. 9723, pp. 301–316. Springer, Heidelberg (2016). doi:10.1007/978-3-319-40367-0_19

    Chapter  Google Scholar 

  4. Biryukov, A., Khovratovich, D.: PAEQ: parallelizable permutation-based authenticated encryption. In: Chow, S.S.M., Camenisch, J., Hui, L.C.K., Yiu, S.M. (eds.) ISC 2014. LNCS, vol. 8783, pp. 72–89. Springer, Heidelberg (2014). doi:10.1007/978-3-319-13257-0_5

    Google Scholar 

  5. Boura, C., Chakraborti, A., Leurent, G., Paul, G., Saha, D., Soleimany, H., Suder, V.: Key recovery attack against 2.5-round \(\pi \)-cipher. In: Peyrin, T. (ed.) FSE 2016. LNCS, vol. 9783, pp. 535–553. Springer, Heidelberg (2016). doi:10.1007/978-3-662-52993-5_27

    Chapter  Google Scholar 

  6. CAESAR: Competition for Authenticated Encryption: Security, Applicability, and Robustness (2014). http://competitions.cr.yp.to/caesar.html/

  7. Duong, T., Rizzo, J.: Here Come The XOR Ninjas. White paper, Netifera (2011)

    Google Scholar 

  8. Gligoroski, D., Mihajloska, H., Samardjiska, S., Jacobsen, H., El-Hadedy, M., Jensen, R., Otte, D.: \(\pi \)-Cipher v2.0. Submission to the CAESAR Competition (2014). http://competitions.cr.yp.to/caesar-submissions.html/

  9. Saha, D., Chowdhury, D.R.: EnCounter: on breaking the nonce barrier in differential fault analysis with a case-study on PAEQ. In: Gierlichs, B., Poschmann, A.Y. (eds.) CHES 2016. LNCS, vol. 9813, pp. 581–601. Springer, Heidelberg (2016). doi:10.1007/978-3-662-53140-2_28

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Dhiman Saha .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2016 Springer International Publishing AG

About this paper

Cite this paper

Saha, D., Kakarla, S., Mandava, S., Chowdhury, D.R. (2016). Gain: Practical Key-Recovery Attacks on Round-reduced PAEQ . In: Carlet, C., Hasan, M., Saraswat, V. (eds) Security, Privacy, and Applied Cryptography Engineering. SPACE 2016. Lecture Notes in Computer Science(), vol 10076. Springer, Cham. https://doi.org/10.1007/978-3-319-49445-6_11

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-49445-6_11

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-49444-9

  • Online ISBN: 978-3-319-49445-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics