
Universal Forgery Attack against GCM-RUP

Abstract : Authenticated encryption (AE) schemes are widely used to secure communications because they can guarantee both confidentiality and authenticity of a message. In addition to the standard AE security notion, some recent schemes offer extra robustness, i.e. they maintain security in some misuse scenarios. In particular, Ashur, Dunkelman and Luykx proposed a generic AE construction at CRYPTO'17 that is secure even when releasing unverified plaintext (the RUP setting), and a concrete instantiation, GCM-RUP. The designers proved that GCM-RUP is secure up to the birthday bound in the nonce-respecting model. In this paper, we perform a birthday-bound universal forgery attack against GCM-RUP, matching the bound of the proof. While there are simple distinguishing attacks with birthday complexity on GCM-RUP, our attack is much stronger: we have a partial key recovery leading to universal forgeries. For reference, the best known universal forgery attack against GCM requires $2^{2n/3}$ operations, and many schemes do not have any known universal forgery attacks faster than $2^n$. This suggests that GCM-RUP offers a different security trade-off than GCM: stronger protection in the RUP setting, but more fragile when the data complexity reaches the birthday bound. In order to avoid this attack, we suggest a minor modification of GCM-RUP that seems to offer better robustness at the birthday bound.
Document type :
Conference papers

Cited literature [39 references]

https://hal.inria.fr/hal-02424899
Contributor : Gaëtan Leurent
Submitted on : Saturday, December 28, 2019 - 8:12:15 PM
Last modification on : Monday, February 22, 2021 - 1:12:51 PM
Long-term archiving on : Sunday, March 29, 2020 - 1:30:51 PM

File

2019-1359.pdf
Files produced by the author(s)

Citation

Yanbin Li, Gaëtan Leurent, Meiqin Wang, Wei Wang, Guoyan Zhang, et al. Universal Forgery Attack against GCM-RUP. CT-RSA 2020 - The Cryptographers' Track at the RSA Conference 2020, Feb 2020, San Francisco, United States. pp. 15-34, ⟨10.1007/978-3-030-40186-3_2⟩. ⟨hal-02424899⟩
