
Collision Attacks on CAESAR Second-Round Candidate: ELmD

  • Conference paper

Information Security Practice and Experience (ISPEC 2016)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 10060)

Abstract

In this paper, we study the security of the algorithm ELmD, which is a second-round candidate of the ongoing CAESAR competition for authenticated encryption.

ELmD is a well-designed algorithm providing misuse resistance and full parallelism, with security up to the birthday bound \(O(2^{n/2})\). Our work gives several attacks with complexity around the birthday bound; they do not violate the provable security, but are still meaningful for academic interest and for a comprehensive understanding of the algorithm's security. We first show how to recover the secret masking values with birthday-bound complexity when the length of the associated data is either variable or fixed, and then present a plaintext recovery attack that applies once the masks are known, which breaks the designers' security claim of 128-bit security against plaintext recovery. Furthermore, we give an existential forgery attack by constructing two colliding associated data inputs, and present an almost universal forgery attack for the case where two consecutive ciphertext blocks are equal. Finally, since 4-round AES is used as the underlying primitive for provable security with at least 25 active S-boxes, we consider the security of ELmD(4,4) by providing a differential attack that uses a high-probability differential trail to recover the key with time complexity between \(2^{106}\) and \(2^{109}\). Although the key recovery attack is largely constrained by the data limitation, it reveals some security properties of the reduced-round algorithm.



Acknowledgments

We would like to thank anonymous referees for their helpful comments and suggestions. The research presented in this paper is supported by the National Basic Research Program of China (No. 2013CB338002) and National Natural Science Foundation of China (No. 61272476, 61672509 and 61232009).

Author information

Corresponding author: Wenling Wu.


Copyright information

© 2016 Springer International Publishing AG

About this paper

Cite this paper

Zhang, J., Wu, W., Zheng, Y. (2016). Collision Attacks on CAESAR Second-Round Candidate: ELmD. In: Bao, F., Chen, L., Deng, R., Wang, G. (eds) Information Security Practice and Experience. ISPEC 2016. Lecture Notes in Computer Science(), vol 10060. Springer, Cham. https://doi.org/10.1007/978-3-319-49151-6_9


  • DOI: https://doi.org/10.1007/978-3-319-49151-6_9


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-49150-9

  • Online ISBN: 978-3-319-49151-6
