Universal Forgery Attack against GCM-RUP

Abstract: Authenticated encryption (AE) schemes are widely used to secure communications because they can guarantee both confidentiality and authenticity of a message. In addition to the standard AE security notion, some recent schemes offer extra robustness, i.e. they maintain security in some misuse scenarios. In particular, Ashur, Dunkelman and Luykx proposed a generic AE construction at CRYPTO'17 that is secure even when releasing unverified plaintext (the RUP setting), and a concrete instantiation, GCM-RUP. The designers proved that GCM-RUP is secure up to the birthday bound in the nonce-respecting model. In this paper, we perform a birthday-bound universal forgery attack against GCM-RUP, matching the bound of the proof. While there are simple distinguishing attacks with birthday complexity on GCM-RUP, our attack is much stronger: we have a partial key recovery leading to universal forgeries. For reference, the best known universal forgery attack against GCM requires 2^(2n/3) operations, and many schemes do not have any known universal forgery attacks faster than 2^n. This suggests that GCM-RUP offers a different security trade-off than GCM: stronger protection in the RUP setting, but more fragile when the data complexity reaches the birthday bound. In order to avoid this attack, we suggest a minor modification of GCM-RUP that seems to offer better robustness at the birthday bound.
Document type: Conference papers

Contributor: Gaëtan Leurent
Submitted on: Saturday, December 28, 2019 - 8:12:15 PM
Last modification on: Thursday, February 3, 2022 - 11:18:48 AM
Long-term archiving on: Sunday, March 29, 2020 - 1:30:51 PM

Yanbin Li, Gaëtan Leurent, Meiqin Wang, Wei Wang, Guoyan Zhang, et al. Universal Forgery Attack against GCM-RUP. CT-RSA 2020 - The Cryptographers' Track at the RSA Conference 2020, Feb 2020, San Francisco, United States. pp.15--34, ⟨10.1007/978-3-030-40186-3_2⟩. ⟨hal-02424899⟩