Practical Cryptanalysis of PAES

Jean, Jérémy; Nikolić, Ivica; Sasaki, Yu; Wang, Lei

doi:10.1007/978-3-319-13051-4_14

Cited by 6 publications

(2 citation statements)

References 3 publications

(4 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Such problems are avoided when round constants are introduced: this breaks the symmetry inside every round, as well as the symmetry between rounds. Several ciphers are vulnerable to attacks resulting from this property, such as the CAESAR candidate PAES [52,53] and the first version of Haraka [51]. The aforementioned design criterion, already present in Simpira v1, excludes the round constants of these designs.…”

Section: Design Rationale Of Simpiramentioning

confidence: 99%

Simpira v2: A Family of Efficient Permutations Using the AES Round Function

Gueron

Mouha

2016

Lecture Notes in Computer Science

View full text Add to dashboard Cite

HAL is a multidisciplinary open access archive for the deposit and dissemination of scientific research documents, whether they are published or not. The documents may come from teaching and research institutions in France or abroad, or from public or private research centers. L'archive ouverte pluridisciplinaire HAL, est destinée au dépôt et à la diffusion de documents scientifiques de niveau recherche, publiés ou non, émanant des établissements d'enseignement et de recherche français ou étrangers, des laboratoires publics ou privés.

show abstract

Section: Design Rationale Of Simpiramentioning

confidence: 99%

Simpira v2: A Family of Efficient Permutations Using the AES Round Function

Gueron

Mouha

2016

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…The main observation for both attacks uses symmetric properties of the keyless AES round function that are not prevented in Haraka due to highly structured round constants. This kind of structural weakness has already been used in the past against some primitives, for instance the submission PAES [JNSW14] to the CAESAR competition [Ber] in [JNSW16], or the lightweight block cipher Midori [BBI + 15] in [GJN + 15].…”

Section: Introductionmentioning

confidence: 99%

Cryptanalysis of Haraka

Jean¹

2016

ToSC

Self Cite

View full text Add to dashboard Cite

In this paper, we describe attacks on the recently proposed Haraka hash functions. First, for the two hash functions Haraka-256/256 and Haraka-512/256 in the family, we show how two colliding messages can be constructed in about 216 function evaluations. Second, we invalidate the preimage security claim for Haraka-512/256 with an attack finding one preimage in about 2192 function evaluations. These attacks are possible thanks to symmetries in the internal state that are preserved over several rounds.

show abstract

Message Extension Attack against Authenticated Encryptions: Application to PANDA

Sasaki

Wang

2014

Cryptology and Network Security

View full text Add to dashboard Cite

We present a new cryptanalysis approach to analyze the security of a class of authenticated encryption schemes, which shares similarity with the previous length extension attack against hash-function-based MACs. Hence we name our approach by message extension attack. For an authenticated encryption from the target class, it consists of three phases; initialization with nonce and key as input, state update function with associated data and message as input and tag generation with updated state as input. We will show how to mount a forgery attack in the nonce-repeating model under the chosen-plaintext scenario, when both state update function and tag generation is built based on the same function. To demonstrate the effectiveness of our message extension attack approach, we apply it to a dedicated authenticated encryption called PANDA, which is a candidate of the ongoing CAESAR cryptographic competition. We successfully found an existential forgery attack on PANDA with 2 5 chosen plaintexts, 2 64 computations, and a negligible memory, and it breaks the claimed 128-bit security for the nonce-repeating model. We note that this is the first result that breaks the security claim of PANDA, which makes it withdrawn from the CAESAR competition by its designer.

show abstract

Practical Cryptanalysis of PAES

Cited by 6 publications

References 3 publications

Simpira v2: A Family of Efficient Permutations Using the AES Round Function

Simpira v2: A Family of Efficient Permutations Using the AES Round Function

Cryptanalysis of Haraka

Message Extension Attack against Authenticated Encryptions: Application to PANDA

Contact Info

Product

Resources

About