Forgery Attacks on FlexAE and FlexAEAD

Research output: Chapter in Book/Report/Conference proceedingConference contribution


FlexAEAD is one of the round-1 candidates in the ongoing NIST Lightweight Cryptography standardization project. In this note, we show several forgery attacks on FlexAEAD with complexity less than the security bound given by the designers, such as a block reordering attack on full FlexAEAD-128 with estimated success probability about 2^54. Additionally, we show some trivial forgeries and point out domain separation issues.
Original languageEnglish
Title of host publicationCryptography and Coding - IMACC 2019
PublisherSpringer, Cham
Number of pages15
Publication statusPublished - Nov 2019
EventIMACC 2019: 17th IMA International Conference on Cryptography and Coding - Oxford, United Kingdom
Duration: 16 Dec 201918 Dec 2019

Publication series

NameLecture Notes in Computer Science


ConferenceIMACC 2019
CountryUnited Kingdom


  • authenticated encryption
  • forgery attack

Fingerprint Dive into the research topics of 'Forgery Attacks on FlexAE and FlexAEAD'. Together they form a unique fingerprint.

  • Activities

    • 1 Talk at conference or symposium

    Forgery Attacks on FlexAE and FlexAEAD

    Maria Eichlseder (Speaker)
    18 Dec 2019

    Activity: Talk or presentationTalk at conference or symposiumScience to science

    Cite this

    Eichlseder, M., Kales, D., & Schofnegger, M. (2019). Forgery Attacks on FlexAE and FlexAEAD. In Cryptography and Coding - IMACC 2019 (pp. 200-214). (Lecture Notes in Computer Science; Vol. 11929). Springer, Cham.