Skip to Main content Skip to Navigation
Preprints, Working Papers, ...

Forgery and Key-Recovery Attacks on CAESAR Candidate Marble

Abstract : The CAESAR competition, which started in 2014, aims at providing a new standard of authenticated encryption. In this paper, we perform an analysis of the candidate Marble. We show a generic attack on the Marble mode of operation (independent of the E transformations), where we recover the whitening key L, and perform forgeries using 2^64 chosen plaintext queries. Considering the specific internal primitives used in Marble (composed of 4 AES rounds), we also show how to recover the secret key using 2^32 additional decryption queries, in the decryption-misuse setting (where we can decipher plaintexts without valid tags).
Document type :
Preprints, Working Papers, ...
Complete list of metadatas
Contributor : Gaëtan Leurent <>
Submitted on : Tuesday, January 13, 2015 - 6:13:57 PM
Last modification on : Tuesday, November 5, 2019 - 12:10:06 AM
Long-term archiving on: : Saturday, September 12, 2015 - 2:00:19 AM


Files produced by the author(s)


  • HAL Id : hal-01102031, version 2


Thomas Fuhr, Gaëtan Leurent, Valentin Suder. Forgery and Key-Recovery Attacks on CAESAR Candidate Marble. 2015. ⟨hal-01102031v2⟩



Record views


Files downloads