Abstract
We present a forgery attack on Prøst-OTR in a related-key setting. Prøst is a family of authenticated encryption algorithms proposed as candidates in the currently ongoing CAESAR competition, and Prøst-OTR is one of the three variants of the Prøst design. The attack exploits how the Prøst permutation is used in an Even-Mansour construction in the Feistel-based OTR mode of operation. Given the ciphertext and tag for any two messages under two related keys K and K ⊕ Δ with related nonces, we can forge the ciphertext and tag for a modified message under K. If we can query ciphertexts for chosen messages under K⊕Δ, we can achieve almost universal forgery for K. The computational complexity is negligible.
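The structural property behind the attack can be illustrated without the full mode. In a single-key Even-Mansour cipher E_K(x) = P(x ⊕ K) ⊕ K, a key difference Δ and an input difference Δ cancel on the permutation input, so E_{K⊕Δ}(x ⊕ Δ) = E_K(x) ⊕ Δ for every x, whatever the public permutation P is. If a mode derives a masking value as L = E_K(N), then under the related pair (K ⊕ Δ, N ⊕ Δ) it computes L ⊕ Δ, and Δ is known to the attacker. The script below is an added example, not code from the paper or from the Prøst submission; it assumes the single-key Even-Mansour form, uses a toy 64-bit permutation as a stand-in for Prøst, and takes the related nonce to be N ⊕ Δ. The function and variable names are illustrative. The remaining steps of the forgery (how the known difference is carried through the Feistel rounds and tag of OTR) are in the paper and are not reproduced here.

```python
import random

MASK64 = (1 << 64) - 1


def rotl64(x, r):
    return ((x << r) | (x >> (64 - r))) & MASK64


def toy_permutation(x):
    """Stand-in public permutation on 64-bit words (assumption: NOT the Prost permutation).

    Each step (add constant, xorshift, rotate, multiply by an odd constant) is a bijection
    on 64-bit words. The related-key identity demonstrated below does not depend on P at all.
    """
    for c in (0x9E3779B97F4A7C15, 0xBF58476D1CE4E5B9, 0x94D049BB133111EB):
        x = (x + c) & MASK64
        x ^= x >> 31
        x = rotl64(x, 23)
        x = (x * (c | 1)) & MASK64
    return x


def even_mansour_encrypt(key, x, perm=toy_permutation):
    """Single-key Even-Mansour: E_K(x) = P(x xor K) xor K (assumed form)."""
    return perm(x ^ key) ^ key


def related_key_relation(key, delta, x):
    """Return (E_{K+D}(x+D), E_K(x)+D) with '+' meaning XOR; the two values are always equal."""
    lhs = even_mansour_encrypt(key ^ delta, x ^ delta)
    rhs = even_mansour_encrypt(key, x) ^ delta
    return lhs, rhs


def mask_under_related_key(key, delta, nonce):
    """Assumption: the mode derives a mask L = E_K(N).

    Queries under (K xor D, N xor D) yield L xor D, so L (a secret value for key K) is
    exposed up to the attacker-chosen difference D.
    """
    l_real = even_mansour_encrypt(key, nonce)
    l_related = even_mansour_encrypt(key ^ delta, nonce ^ delta)
    return l_real, l_related, (l_related ^ delta) == l_real


def relation_holds_for_random_inputs(trials=2000, seed=1):
    """Property check over random keys, differences and inputs."""
    rng = random.Random(seed)
    for _ in range(trials):
        k, d, x = (rng.getrandbits(64) for _ in range(3))
        lhs, rhs = related_key_relation(k, d, x)
        if lhs != rhs:
            return False
    return True


def relation_fails_for_independent_key(key, other_key, delta, x):
    """Control: with an unrelated second key the same equation does not hold
    (except with probability about 2**-64). Returns True when it fails as expected."""
    lhs = even_mansour_encrypt(other_key, x ^ delta)
    rhs = even_mansour_encrypt(key, x) ^ delta
    return lhs != rhs


if __name__ == "__main__":
    # Constructed sample values (not from the paper).
    K, D, N = 0x0123456789ABCDEF, 0xFF00FF00FF00FF00, 0xDEADBEEFCAFEBABE
    l_real, l_related, ok = mask_under_related_key(K, D, N)
    print(f"L = {l_real:016x}, L' = {l_related:016x}, L' xor D == L: {ok}")
    print("identity holds on random inputs:", relation_holds_for_random_inputs())
```

The point the check makes is that this is a property of the construction, not of the Prøst permutation: any single-key Even-Mansour cipher placed in a mode whose masks come from E_K(N) leaks the mask under a related key with a related nonce, which is why the computational cost of the forgery in the abstract is negligible.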
Reference: Dobraunig, C., Eichlseder, M., & Mendel, F. (2015). Related-key forgeries for Prøst-OTR. In Fast Software Encryption (FSE 2015), Lecture Notes in Computer Science, Vol. 9054, pp. 282–296. Springer. https://doi.org/10.1007/978-3-662-48116-5_14