Conference paper Open Access
Schroé, Willem; Mennink, Bart; Andreeva, Elena; Preneel, Bart
<?xml version='1.0' encoding='utf-8'?>
<resource xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://datacite.org/schema/kernel-4" xsi:schemaLocation="http://datacite.org/schema/kernel-4 http://schema.datacite.org/meta/kernel-4.1/metadata.xsd">
  <identifier identifierType="DOI">10.5281/zenodo.55452</identifier>
  <creators>
    <creator>
      <creatorName>Schroé, Willem</creatorName>
      <givenName>Willem</givenName>
      <familyName>Schroé</familyName>
      <affiliation>KU Leuven</affiliation>
    </creator>
    <creator>
      <creatorName>Mennink, Bart</creatorName>
      <givenName>Bart</givenName>
      <familyName>Mennink</familyName>
      <affiliation>KU Leuven</affiliation>
    </creator>
    <creator>
      <creatorName>Andreeva, Elena</creatorName>
      <givenName>Elena</givenName>
      <familyName>Andreeva</familyName>
      <affiliation>KU Leuven</affiliation>
    </creator>
    <creator>
      <creatorName>Preneel, Bart</creatorName>
      <givenName>Bart</givenName>
      <familyName>Preneel</familyName>
      <affiliation>KU Leuven</affiliation>
    </creator>
  </creators>
  <titles>
    <title>Forgery and Subkey Recovery on CAESAR candidate iFeed</title>
  </titles>
  <publisher>Zenodo</publisher>
  <publicationYear>2015</publicationYear>
  <subjects>
    <subject>CAESAR, iFeed, Forgery, Subkey recovery, Breaking forward secrecy</subject>
  </subjects>
  <dates>
    <date dateType="Issued">2015-08-12</date>
  </dates>
  <resourceType resourceTypeGeneral="Text">Conference paper</resourceType>
  <alternateIdentifiers>
    <alternateIdentifier alternateIdentifierType="url">https://zenodo.org/record/55452</alternateIdentifier>
  </alternateIdentifiers>
  <relatedIdentifiers>
    <relatedIdentifier relatedIdentifierType="DOI" relationType="IsPartOf">10.1007/978-3-319-31301-6</relatedIdentifier>
    <relatedIdentifier relatedIdentifierType="URL" relationType="IsPartOf">https://zenodo.org/communities/hector</relatedIdentifier>
  </relatedIdentifiers>
  <rightsList>
    <rights rightsURI="https://creativecommons.org/licenses/by-nc-sa/4.0/legalcode">Creative Commons Attribution Non Commercial Share Alike 4.0 International</rights>
    <rights rightsURI="info:eu-repo/semantics/openAccess">Open Access</rights>
  </rightsList>
  <descriptions>
    <description descriptionType="Abstract"><p>iFeed is a blockcipher-based authenticated encryption design by Zhang, Wu, Sui, and Wang and a first round candidate to the CAESAR competition. iFeed is claimed to achieve confidentiality and authenticity in the nonce-respecting setting, and confidentiality in the nonce-reuse setting. Recently, Chakraborti et al. published forgeries on iFeed in the RUP and nonce-reuse settings. The latter attacks, however, do not invalidate the iFeed designers’ security claims. In this work, we consider the security of iFeed in the nonce-respecting setting, and show that a valid forgery can be constructed after only one encryption query. Even more, the forgery leaks both subkeys <em>E<sub>K</sub></em>(0<sup>128</sup>) and <em>E<sub>K</sub></em>(<em>PMN</em>∥1), where <em>K</em> is the secret key and <em>PMN</em> the nonce used for the authenticated encryption. Furthermore, we show how at the price of just one additional forgery one can learn <em>E<sub>K</sub></em>(<em>P</em>∗) for any freely chosen plaintext <em>P</em>∗. These design weaknesses allow one to decrypt earlier iFeed encryptions under the respective nonces, breaking the forward secrecy of iFeed, and leading to a total security compromise of the iFeed design.</p></description>
    <description descriptionType="Other">H2020 644052 / HECTOR</description>
  </descriptions>
</resource>