Conference paper Open Access

Forgery and Subkey Recovery on CAESAR candidate iFeed

Schroé, Willem; Mennink, Bart; Andreeva, Elena; Preneel, Bart


JSON-LD (schema.org) Export

{
  "description": "<p>iFeed is a blockcipher-based authenticated encryption design by Zhang, Wu, Sui, and Wang and a first round candidate to the CAESAR competition. iFeed is claimed to achieve confidentiality and authenticity in the nonce-respecting setting, and confidentiality in the nonce-reuse setting. Recently, Chakraborti et al.\u00a0published forgeries on iFeed in the RUP and nonce-reuse settings. The latter attacks, however, do not invalidate the iFeed designers\u2019 security claims. In this work, we consider the security of iFeed in the nonce-respecting setting, and show that a valid forgery can be constructed after only one encryption query. Even more, the forgery leaks both subkeys <em>E</em><em>K</em>(0128) and <em>E</em><em>K</em>(<em>P</em><em>M</em><em>N</em>\u22251), where <em>K</em> is the secret key and <em>P</em><em>M</em><em>N</em> the nonce used for the authenticated encryption. Furthermore, we show how at the price of just one additional forgery one can learn <em>E</em><em>K</em>(<em>P</em>\u2217) for any freely chosen plaintext <em>P</em>\u2217. These design weaknesses allow one to decrypt earlier iFeed encryptions under the respective nonces, breaking the forward secrecy of iFeed, and leading to a total security compromise of the iFeed design.</p>", 
  "license": "https://creativecommons.org/licenses/by-nc-sa/4.0/legalcode", 
  "creator": [
    {
      "affiliation": "KU Leuven", 
      "@type": "Person", 
      "name": "Schro\u00e9, Willem"
    }, 
    {
      "affiliation": "KU Leuven", 
      "@type": "Person", 
      "name": "Mennink, Bart"
    }, 
    {
      "affiliation": "KU Leuven", 
      "@type": "Person", 
      "name": "Andreeva, Elena"
    }, 
    {
      "affiliation": "KU Leuven", 
      "@type": "Person", 
      "name": "Preneel, Bart"
    }
  ], 
  "headline": "Forgery and Subkey Recovery on CAESAR candidate iFeed", 
  "image": "https://zenodo.org/static/img/logos/zenodo-gradient-round.svg", 
  "datePublished": "2015-08-12", 
  "isPartOf": [
    {
      "@id": "https://doi.org/10.1007/978-3-319-31301-6", 
      "@type": "CreativeWork"
    }
  ], 
  "url": "https://zenodo.org/record/55452", 
  "keywords": [
    "CAESAR, iFeed, Forgery, Subkey recovery, Breaking forward secrecy"
  ], 
  "@context": "https://schema.org/", 
  "identifier": "https://doi.org/10.5281/zenodo.55452", 
  "@id": "https://doi.org/10.5281/zenodo.55452", 
  "@type": "ScholarlyArticle", 
  "name": "Forgery and Subkey Recovery on CAESAR candidate iFeed"
}