Journal article: Designs, Codes and Cryptography. Year: 2022

Practical Key Recovery Attacks on FlexAEAD

Abstract

FlexAEAD is a block cipher candidate submitted to the NIST Lightweight Cryptography standardization project, based on repeated application of an Even-Mansour construction. In order to optimize performance, the designers chose a relatively small number of rounds, using properties of the mode and bounds on differential and linear characteristics to substantiate their security claims. Due to a forgery attack with complexity of $2^{46}$, FlexAEAD was not selected for the second round of evaluation in the NIST project. In this paper we present a practical key recovery attack on FlexAEAD, using clusters of differentials for the internal permutation and the interplay between different parts of the mode. Our attack, which was fully verified in practice, allows recovering the secret subkeys of FlexAEAD-64 with time complexity of less than $2^{31}$ encryptions (with experimental success rate of 75%). This is the first practical key recovery attack on a candidate of the NIST standardization project.

Main file: 2021-931.pdf (726.26 KB)
Origin: Files produced by the author(s)

Dates and versions

hal-03528899, version 1 (17-01-2022)

License

Attribution

Cite

Orr Dunkelman, Maria Eichlseder, Daniel Kales, Nathan Keller, Gaëtan Leurent, et al. Practical Key Recovery Attacks on FlexAEAD. Designs, Codes and Cryptography, 2022, 90 (4), pp. 983-1007. ⟨10.1007/s10623-022-01023-5⟩. ⟨hal-03528899⟩