000264823 001__ 264823
000264823 005__ 20190316233228.0
000264823 0247_ $$2doi$$a10.1007/978-3-319-93387-0_25
000264823 02470 $$a10.1007/978-3-319-93387-0_25$$2DOI
000264823 037__ $$aCONF
000264823 245__ $$aCan Caesar Beat Galois?
000264823 260__ $$c2018
000264823 269__ $$a2018
000264823 336__ $$aConference Papers
000264823 520__ $$aThe Competition for Authenticated Encryption: Security, Applicability and Robustness (CAESAR) has as its official goal to “identify a portfolio of authenticated ciphers that offer advantages over [the Galois-Counter Mode with AES] and are suitable for widespread adoption.” Each of the 15 candidate schemes competing in the currently ongoing 3rd round of CAESAR must clearly declare its security claims, i.e. whether it can tolerate nonce misuse, and what is the maximal data complexity for which security is guaranteed. These claims appear to be valid for all 15 candidates. Interpreting “Robustness” in CAESAR as the ability to mitigate damage when security guarantees are void, we describe attacks with 64-bit complexity or above, and/or with nonce reuse for each of the 15 candidates. We then classify the candidates depending on how powerful an attacker needs to be to mount (semi-)universal forgeries, decryption attacks, or key recoveries. Rather than invalidating the security claims of any of the candidates, our results provide an additional criterion for evaluating the security that candidates deliver, which can be useful for e.g. breaking ties in the final CAESAR discussions.
000264823 700__ $$aVaudenay, Serge
000264823 700__ $$aVizár, Damian
000264823 7112_ $$aApplied Cryptography and Network Security
000264823 773__ $$tLecture Notes in Computer Science$$j10892$$q476-494
000264823 8560_ $$ffatih.balli@epfl.ch
000264823 8564_ $$uhttps://infoscience.epfl.ch/record/264823/files/2017-1147.pdf$$s626016
000264823 909C0 $$zGrolimund, Raphael$$xU10433$$pLASEC$$mfatih.balli@epfl.ch$$0252183
000264823 909CO $$qGLOBAL_SET$$pconf$$pIC$$ooai:infoscience.epfl.ch:264823
000264823 960__ $$afatih.balli@epfl.ch
000264823 961__ $$afantin.reichler@epfl.ch
000264823 973__ $$aEPFL$$rREVIEWED
000264823 980__ $$aCONF
000264823 981__ $$aoverwrite