Abstract
In this paper, we cryptanalyze three authenticated ciphers: AVALANCHE, Calico, and RBS. While the former two are contestants in the ongoing international CAESAR competition for authenticated encryption schemes, the latter has recently been proposed for lightweight applications such as RFID systems and wireless networks. All these schemes use well-established and secure components such as the AES, Grain-like NFSRs, ChaCha and SipHash as their building blocks. However, we discover key recovery attacks for all three designs, featuring square-root complexities. Using a key collision technique, we can recover the secret key of AVALANCHE in 2n/2, where n 2∈ {28; 192; 256} is the key length. This technique also applies to the authentication part of Calico whose 128-bit key can be recovered in 264 time. For RBS, we can recover its full 132-bit key in 265 time with a guess-and-determine attack. All attacks also allow the adversary to mount universal
forgeries.
Original language | English |
---|---|
Title of host publication | 3rd International Conference on Cryptology and Information Security in Latin America |
Number of pages | 12 |
Publisher | Springer |
Publication date | 2014 |
Pages | 274-287 |
ISBN (Print) | 978-3-319-16294-2 |
ISBN (Electronic) | 978-3-319-16295-9 |
Publication status | Published - 2014 |
Event | 3rd International Conference on Cryptology and Information Security in Latin America: Latincrypt 2014 - The Costão do Santinho Resort, Florianópolis, Brazil Duration: 17 Sept 2014 → 19 Sept 2014 Conference number: 3 |
Conference
Conference | 3rd International Conference on Cryptology and Information Security in Latin America |
---|---|
Number | 3 |
Location | The Costão do Santinho Resort |
Country/Territory | Brazil |
City | Florianópolis |
Period | 17/09/2014 → 19/09/2014 |
Series | Lecture Notes in Computer Science |
---|---|
Volume | 8895 |
ISSN | 0302-9743 |
Keywords
- authenticated encryption
- CAESAR
- key collision
- guess-and-determine
- universal forgery
- AVALANCHE
- Calico
- RBS