Forgery Attacks on FlexAE and FlexAEAD

Eichlseder, Maria; Kales, Daniel; Schofnegger, Markus

doi:10.1007/978-3-030-35199-1_10

Cited by 4 publications

(14 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Bleep64 [5,41], CLAE [38], FlexAEAD [11,12], GAGE and InGAGE [4], HERN and HERON [21], Liliput-AE [9,10], Limdolen [35,36], Qameleon [13], Quartet [33], Remus [14], Simple [23], SIV-Rijndael256 [8], SIV-TEM-PHOTON [8], SNEIK [15], Sycon [24], TGIF [14], Triad [25]…”

Section: Forgery Attacksmentioning

confidence: 99%

See 1 more Smart Citation

Status report on the first round of the NIST lightweight cryptography standardization process

Turan¹,

McKay²,

Çalık³

et al. 2019

View full text Add to dashboard Cite

Certain commercial entities, equipment, or materials may be identified in this document in order to describe an experimental procedure or concept adequately. Such identification is not intended to imply recommendation or endorsement by NIST, nor is it intended to imply that the entities, materials, or equipment are necessarily the best available for the purpose. There may be references in this publication to other publications currently under development by NIST in accordance with its assigned statutory responsibilities. The information in this publication, including concepts and methodologies, may be used by federal agencies even before the completion of such companion publications. Thus, until each publication is completed, current requirements, guidelines, and procedures, where they exist, remain operative. For planning and transition purposes, federal agencies may wish to closely follow the development of these new publications by NIST. Organizations are encouraged to review all draft publications during public comment periods and provide feedback to NIST. Many NIST cybersecurity publications, other than the ones noted above, are available at https://csrc.nist.gov/publications.

show abstract

Section: Forgery Attacksmentioning

confidence: 99%

“…FlexAEAD. Eichlseder et al [11,12] showed a forgery attack on FlexAEAD. Additionally, Mege [20] showed that FlexAEAD is vulnerable against length-extension attacks.…”

Section: CLXmentioning

confidence: 99%

Status report on the first round of the NIST lightweight cryptography standardization process

Turan¹,

McKay²,

Çalık³

et al. 2019

View full text Add to dashboard Cite

show abstract

“…The next is the SBox layer, where each quarter suffers a nonlinear transformation using a different SBox. The first SBox is the AES SBox, the other SBoxes are generate using the process as the first (multiplicative inverse on the 2 8 ) using different irreducible polynomial (IP), multiplicative constant (MC) and additive constants (A).…”

Section: Algorithm Descriptionmentioning

confidence: 99%

FlexAEAD v1.1 -A Lightweight AEAD Cipher with Integrated Authentication

Nascimento¹,

Xexeo²

2019

J. Inf. Secur. Cryptogr.

View full text Add to dashboard Cite

This paperdescribes a symmetrical block cipher family – FlexAEAD v1.1. This is an updated version of the work presented as round 1 candidate on the contest for NIST lightweight crypto standardization process. It was engineered to be lightweight, consuming less computational resources than other ciphers and to work with different block and key sizes. Other important characteristic is to integrate the authentication on its basic algorithm. This approach is helps to reduce the resource needs. The algorithm capacity to resist against linear and different cryptanalysis attacks was evaluated. The FlexAEAD also supports the authentication of the Associated Data (AD). The version 1.1 makes the algorithm resistant to iterated differential attacks. It also resolves a padding attack on the AD that allowed messages to have the same tag if the last AD block was filled with zeros.

show abstract

“…Furthermore, they showed that these attacks can be leveraged into a forgery attack on the entire encryption scheme, with complexity of 2 50 , 2 60 , and 2 80 for FlexAEAD-64, FlexAEAD-128, and FlexAEAD-256 (respectively). In [3] (on which this paper is partially based), Eichlseder et al presented improved forgery attacks on the cryptosystem, with complexities of 2 46 , 2 54 , and 2 70 for FlexAEAD-64, FlexAEAD-128, and FlexAEAD-256 (respectively). Due to these forgery attacks, FlexAEAD was not selected for the second round of evaluation in the NIST LWC standartization project [15].…”

Section: Introductionmentioning

confidence: 99%

“…In this paper we present a practical key recovery attack on FlexAEAD-64. Like in [3,16], the starting point of our attack is a truncated differential of PF K . However, the application of PF K in the mode which we target differs from the application targeted in [3,16].…”

Section: Introductionmentioning

confidence: 99%

Practical key recovery attacks on FlexAEAD

Dunkelman

Eichlseder

Kales

et al. 2022

Des. Codes Cryptogr.

Self Cite

View full text Add to dashboard Cite

FlexAEAD is a block cipher candidate submitted to the NIST Lightweight Cryptography standardization project, based on repeated application of an Even-Mansour construction. In order to optimize performance, the designers chose a relatively small number of rounds, using properties of the mode and bounds on differential and linear characteristics to substantiate their security claims. Due to a forgery attack with complexity of 2 46 , FlexAEAD was not selected to the second round of evaluation in the NIST project. In this paper we present a practical key recovery attack on FlexAEAD, using clusters of differentials for the internal permutation and the interplay between different parts of the mode. Our attack, that was fully verified in practice, allows recovering the secret subkeys of FlexAEAD-64 with time complexity of less than 2 31 encryptions (with experimental success rate of 75%). This is the first practical key recovery attack on a candidate of the NIST standartization project.

show abstract

Forgery Attacks on FlexAE and FlexAEAD

Cited by 4 publications

References 7 publications

Status report on the first round of the NIST lightweight cryptography standardization process

Status report on the first round of the NIST lightweight cryptography standardization process

FlexAEAD v1.1 -A Lightweight AEAD Cipher with Integrated Authentication

Practical key recovery attacks on FlexAEAD

Contact Info

Product

Resources

About