Abstract
In this paper, we study the security of the algorithm ELmD, which is a second-round candidate of the ongoing CAESAR competition for authenticated encryption.
ELmD is a well-designed algorithm providing misuse resistance and full parallelism, with security up to the birthday bound \(O(2^{n/2})\). Our work gives several attacks with complexity around the birthday bound; they do not violate the provable security, but are still meaningful for academic interest and for a comprehensive understanding of the security of the algorithm. We first show how to recover the secret masking values with birthday-bound complexity when the length of the associated data is either variable or fixed, and then present a plaintext recovery attack that, once the masks are known, breaks the designers' claim of 128-bit security against plaintext recovery. Furthermore, we give an existential forgery attack by constructing two colliding associated data, and present an almost universal forgery attack when two consecutive ciphertext blocks are equal. Finally, since 4-round AES, with at least 25 active S-boxes, is always used as the underlying primitive for provable security, we consider the security of ELmD(4,4) by providing a differential attack, based on a differential trail with high probability, that recovers the key with time complexity between \(2^{106}\) and \(2^{109}\). Although the key recovery attack is largely constrained by the data limitation, it reveals some security properties of the reduced-round algorithm.
Acknowledgments
We would like to thank the anonymous referees for their helpful comments and suggestions. The research presented in this paper is supported by the National Basic Research Program of China (No. 2013CB338002) and the National Natural Science Foundation of China (No. 61272476, 61672509 and 61232009).
© 2016 Springer International Publishing AG
Zhang, J., Wu, W., Zheng, Y. (2016). Collision Attacks on CAESAR Second-Round Candidate: ELmD. In: Bao, F., Chen, L., Deng, R., Wang, G. (eds) Information Security Practice and Experience. ISPEC 2016. Lecture Notes in Computer Science(), vol 10060. Springer, Cham. https://doi.org/10.1007/978-3-319-49151-6_9
DOI: https://doi.org/10.1007/978-3-319-49151-6_9
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-49150-9
Online ISBN: 978-3-319-49151-6
eBook Packages: Computer Science (R0)