In this paper, we cryptanalyze three authenticated ciphers: AVALANCHE, Calico, and RBS. While the former two are contestants in the ongoing international CAESAR competition for authenticated encryption schemes, the latter has recently been proposed for lightweight applications such as RFID systems and wireless networks. All these schemes use well-established and secure components such as the AES, Grain-like NFSRs, ChaCha and SipHash as their building blocks. However, we discover key recovery attacks for all three designs, featuring square-root complexities. Using a key collision technique, we can recover the secret key of AVALANCHE in 2n/2, where n ∈ {128, 192, 256} is the key length. This technique also applies to the authentication part of Calico whose 128-bit key can be recovered in 264 time. For RBS, we can recover its full 132-bit key in 265 time with a guess-and-determine attack. All attacks also allow the adversary to mount universal forgeries.
CITATION STYLE
Bogdanov, A., Dobraunig, C., Eichlseder, M., Lauridsen, M. M., Mendel, F., Schläffer, M., & Tischhauser, E. (2015). Key recovery attacks on recent authenticated ciphers. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 8895, pp. 274–287). Springer Verlag. https://doi.org/10.1007/978-3-319-16295-9_15
Mendeley helps you to discover research relevant for your work.