000268330 001__ 268330
000268330 005__ 20190812204805.0
000268330 0247_ $$2doi$$a10.1007/978-3-030-21568-2_3
000268330 037__ $$aCONF
000268330 245__ $$aCryptanalysis of ForkAES
000268330 260__ $$c2019
000268330 269__ $$a2019
000268330 336__ $$aConference Papers
000268330 520__ $$aForkciphers are a new kind of primitive, proposed recently by Andreeva et al., for efficient encryption and authentication of small messages. They fork the middle state of a cipher and encrypt it twice under two smaller independent permutations; thus, a forkcipher produces two output blocks in one primitive call. Andreeva et al. proposed ForkAES, a tweakable AES-based forkcipher that splits the state after five out of ten rounds. While their authenticated encryption schemes were accompanied by proofs, no dedicated security analysis of ForkAES was provided; its security was instead founded on existing results on the AES and KIASU-BC. Forkciphers provide a unique interface called reconstruction queries, which take one ciphertext block as input and compute the respective other ciphertext block. Thus, they deserve a careful security analysis. This work fosters the understanding of the security of ForkAES with three contributions: (1) We observe that security under reconstruction queries differs strongly from the existing results on the AES. This allows attacks on nine out of ten rounds with differential, impossible-differential and yoyo attacks. (2) We observe that some forkcipher modes may lack the interface of reconstruction queries, so that attackers must use encryption queries. We show that nine rounds can still be attacked with rectangle and impossible-differential attacks. (3) We present forgery attacks on the AE modes proposed by Andreeva et al. when instantiated with nine-round ForkAES.
000268330 700__ $$g283270$$aBanik, Subhadeep
000268330 700__ $$aBossert, Jannis
000268330 700__ $$aJana, Amit
000268330 700__ $$aList, Eik
000268330 700__ $$aLucks, Stefan
000268330 700__ $$aMeier, Willi
000268330 700__ $$aRahman, Mostafizar
000268330 700__ $$aSaha, Dhiman
000268330 700__ $$aSasaki, Yu
000268330 7112_ $$aApplied Cryptography and Network Security
000268330 773__ $$tLecture Notes in Computer Science$$j11464$$q43-63
000268330 8560_ $$ffatih.balli@epfl.ch
000268330 909C0 $$pLASEC$$mfatih.balli@epfl.ch$$0252183$$zGrolimund, Raphael$$xU10433
000268330 909CO $$pconf$$pIC$$ooai:infoscience.epfl.ch:268330
000268330 960__ $$afatih.balli@epfl.ch
000268330 961__ $$afantin.reichler@epfl.ch
000268330 973__ $$aEPFL$$rREVIEWED
000268330 980__ $$aCONF
000268330 981__ $$aoverwrite
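The abstract (field 520) describes the forkcipher shape and its three query interfaces: encryption (one call, two output blocks), decryption, and reconstruction (one ciphertext block in, the other out). The following is an added illustration of that structure, not the authors' ForkAES and not code from the paper: the AES rounds are replaced by a keyed, tweaked Feistel round built from SHA-256 so that it runs with the Python standard library, and the round counts (5 before the fork, 5 on each branch) are chosen to mirror the 5-of-10 split the abstract gives for ForkAES. The branch labels `b"pre"`, `b"branch0"`, `b"branch1"` and the helper names are assumptions of this example; the point it demonstrates is that a reconstruction query inverts one branch and runs the other forward, so it never crosses the pre-fork rounds.

```python
"""Toy forkcipher with encryption, decryption and reconstruction queries.
Added illustration (not ForkAES, not the paper's code): AES rounds are replaced
by a keyed, tweaked Feistel round built from SHA-256."""
import hashlib
from typing import Tuple

HALF = 8            # Feistel half-block size in bytes (16-byte block)
PRE_ROUNDS = 5      # rounds before the fork (mirrors ForkAES: 5 of 10)
POST_ROUNDS = 5     # rounds on each branch after the fork


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key: bytes, tweak: bytes, branch: bytes, rnd: int, half: bytes) -> bytes:
    """Keyed, tweaked round function. The `branch` label makes the pre-fork
    rounds and the two branches distinct permutations (assumed stand-in for a
    real tweakey schedule)."""
    return hashlib.sha256(key + tweak + branch + bytes([rnd]) + half).digest()[:HALF]


def _feistel(key: bytes, tweak: bytes, branch: bytes, rounds: int,
             block: bytes, inverse: bool = False) -> bytes:
    """Balanced Feistel network over `rounds` rounds; inverse=True undoes it."""
    assert len(block) == 2 * HALF
    left, right = block[:HALF], block[HALF:]
    if not inverse:
        for rnd in range(rounds):
            left, right = right, _xor(left, _f(key, tweak, branch, rnd, right))
    else:
        for rnd in reversed(range(rounds)):
            left, right = _xor(right, _f(key, tweak, branch, rnd, left)), left
    return left + right


class ToyForkCipher:
    BRANCH = (b"branch0", b"branch1")   # assumed labels for the two branches

    def __init__(self, key: bytes):
        self.key = key

    def encrypt(self, tweak: bytes, m: bytes) -> Tuple[bytes, bytes]:
        """One primitive call, two output blocks: pre-fork rounds, then the
        forked middle state is encrypted once per branch."""
        s = _feistel(self.key, tweak, b"pre", PRE_ROUNDS, m)
        c0 = _feistel(self.key, tweak, self.BRANCH[0], POST_ROUNDS, s)
        c1 = _feistel(self.key, tweak, self.BRANCH[1], POST_ROUNDS, s)
        return c0, c1

    def decrypt(self, tweak: bytes, c: bytes, branch: int) -> bytes:
        """Invert the given branch, then the pre-fork rounds: back to `m`."""
        s = _feistel(self.key, tweak, self.BRANCH[branch], POST_ROUNDS, c, inverse=True)
        return _feistel(self.key, tweak, b"pre", PRE_ROUNDS, s, inverse=True)

    def reconstruct(self, tweak: bytes, c: bytes, branch: int) -> bytes:
        """Reconstruction query: from ciphertext block `c` of `branch`, compute
        the other branch's block. Only post-fork rounds are crossed (one branch
        inverted, the other run forward); the pre-fork rounds never appear,
        which is why this interface needs its own analysis."""
        s = _feistel(self.key, tweak, self.BRANCH[branch], POST_ROUNDS, c, inverse=True)
        return _feistel(self.key, tweak, self.BRANCH[1 - branch], POST_ROUNDS, s)


def check_interfaces(key: bytes, tweak: bytes, m: bytes) -> bool:
    """Consistency of the three interfaces on one input: both blocks decrypt
    to `m`, and each block reconstructs the other."""
    fc = ToyForkCipher(key)
    c0, c1 = fc.encrypt(tweak, m)
    return (c0 != c1
            and fc.decrypt(tweak, c0, 0) == m
            and fc.decrypt(tweak, c1, 1) == m
            and fc.reconstruct(tweak, c0, 0) == c1
            and fc.reconstruct(tweak, c1, 1) == c0)


if __name__ == "__main__":
    # Constructed sample values; any 16-byte key and message and any tweak work.
    print(check_interfaces(bytes(range(16)), b"tweak-01", b"sixteen byte msg"))
```

The reconstruction path is the composition of one branch's inverse with the other branch's forward rounds around the fork state, with no key-dependent layer from the pre-fork half in between. That is the structural reason the abstract gives for analysing reconstruction queries separately from ordinary AES results, and for the paper's second observation that modes without this interface still have to be examined under encryption queries alone.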