Related-Key Forgeries for Proest-OTR

Christoph Erwin Dobraunig; Maria Eichlseder; Florian Mendel

doi:10.1007/978-3-662-48116-5_14

Related-Key Forgeries for Proest-OTR

Christoph Erwin Dobraunig, Maria Eichlseder^*, Florian Mendel

^*Corresponding author for this work

Institute of Applied Information Processing and Communications (7050)

Research output: Chapter in Book/Report/Conference proceeding › Conference paper › peer-review

Abstract

We present a forgery attack on Prøst-OTR in a related-key setting. Prøst is a family of authenticated encryption algorithms proposed as candidates in the currently ongoing CAESAR competition, and Prøst-OTR is one of the three variants of the Prøst design. The attack exploits how the Prøst permutation is used in an Even-Mansour construc-
tion in the Feistel-based OTR mode of operation. Given the ciphertext and tag for any two messages under two related keys K and K ⊕ ∆ with related nonces, we can forge the ciphertext and tag for a modified
message under K. If we can query ciphertexts for chosen messages under K ⊕ ∆, we can achieve almost universal forgery for K. The computational complexity is negligible.

Original language	English
Title of host publication	Fast Software Encryption - FSE 2015
Place of Publication	Cham
Publisher	Springer
Pages	282-296
ISBN (Print)	978-3-662-48115-8
DOIs	https://doi.org/10.1007/978-3-662-48116-5_14
Publication status	Published - 2015
Event	2015 Fast Software Encryption Workshop: FSE 2015 - Istanbul, Turkey Duration: 9 Mar 2015 → 11 Mar 2015

Publication series

Name	Lecture Notes in Computer Science(
Publisher	Springer
Volume	9054

Conference

Conference	2015 Fast Software Encryption Workshop
Abbreviated title	FSE 2015
Country/Territory	Turkey
City	Istanbul
Period	9/03/15 → 11/03/15

Fields of Expertise

Information, Communication & Computing

Access to Document

10.1007/978-3-662-48116-5_14

fulltext.pdfAccepted author manuscript, 312 KB

FWF - AE - Design and Analysis of Next Generation Authenticated Encryption Algorithms
Mendel, F., Dobraunig, C. E. & Eichlseder, M.
1/10/14 → 30/09/17
Project: Research project
SeCoS - Secure Contactless Sphere - Smart RFID-Technologies for a Connected World
Bösch, W., Wenger, E., Khan, H. N., Schmidt, J., Gadringer, M. E., Spreitzer, R. C., Mendel, F., Gruss, D., Hutter, M., Freidl, P. F., Görtschacher, L. J., Mangard, S. & Grosinger, J.
1/01/13 → 31/12/15
Project: Research project
Cryptography
Schläffer, M., Oswald, M. E., Lipp, P., Dobraunig, C. E., Mendel, F., Eichlseder, M., Nad, T., Posch, R., Lamberger, M., Rijmen, V. & Rechberger, C.
1/01/95 → 31/01/19
Project: Research area

Cite this

@inproceedings{33e32e0d06f24d08885d523d92e18f95,

title = "Related-Key Forgeries for Proest-OTR",

abstract = "We present a forgery attack on Pr{\o}st-OTR in a related-key setting. Pr{\o}st is a family of authenticated encryption algorithms proposed as candidates in the currently ongoing CAESAR competition, and Pr{\o}st-OTR is one of the three variants of the Pr{\o}st design. The attack exploits how the Pr{\o}st permutation is used in an Even-Mansour construc-tion in the Feistel-based OTR mode of operation. Given the ciphertext and tag for any two messages under two related keys K and K ⊕ ∆ with related nonces, we can forge the ciphertext and tag for a modifiedmessage under K. If we can query ciphertexts for chosen messages under K ⊕ ∆, we can achieve almost universal forgery for K. The computational complexity is negligible.",

author = "Dobraunig, {Christoph Erwin} and Maria Eichlseder and Florian Mendel",

year = "2015",

doi = "10.1007/978-3-662-48116-5_14",

language = "English",

isbn = "978-3-662-48115-8",

series = "Lecture Notes in Computer Science(",

publisher = "Springer",

pages = "282--296",

booktitle = "Fast Software Encryption - FSE 2015",

note = "2015 Fast Software Encryption Workshop : FSE 2015, FSE 2015 ; Conference date: 09-03-2015 Through 11-03-2015",

}

TY - GEN

T1 - Related-Key Forgeries for Proest-OTR

AU - Dobraunig, Christoph Erwin

AU - Eichlseder, Maria

AU - Mendel, Florian

PY - 2015

Y1 - 2015

N2 - We present a forgery attack on Prøst-OTR in a related-key setting. Prøst is a family of authenticated encryption algorithms proposed as candidates in the currently ongoing CAESAR competition, and Prøst-OTR is one of the three variants of the Prøst design. The attack exploits how the Prøst permutation is used in an Even-Mansour construc-tion in the Feistel-based OTR mode of operation. Given the ciphertext and tag for any two messages under two related keys K and K ⊕ ∆ with related nonces, we can forge the ciphertext and tag for a modifiedmessage under K. If we can query ciphertexts for chosen messages under K ⊕ ∆, we can achieve almost universal forgery for K. The computational complexity is negligible.

AB - We present a forgery attack on Prøst-OTR in a related-key setting. Prøst is a family of authenticated encryption algorithms proposed as candidates in the currently ongoing CAESAR competition, and Prøst-OTR is one of the three variants of the Prøst design. The attack exploits how the Prøst permutation is used in an Even-Mansour construc-tion in the Feistel-based OTR mode of operation. Given the ciphertext and tag for any two messages under two related keys K and K ⊕ ∆ with related nonces, we can forge the ciphertext and tag for a modifiedmessage under K. If we can query ciphertexts for chosen messages under K ⊕ ∆, we can achieve almost universal forgery for K. The computational complexity is negligible.

U2 - 10.1007/978-3-662-48116-5_14

DO - 10.1007/978-3-662-48116-5_14

M3 - Conference paper

SN - 978-3-662-48115-8

T3 - Lecture Notes in Computer Science(

SP - 282

EP - 296

BT - Fast Software Encryption - FSE 2015

PB - Springer

CY - Cham

T2 - 2015 Fast Software Encryption Workshop

Y2 - 9 March 2015 through 11 March 2015

ER -

Related-Key Forgeries for Proest-OTR

Abstract

Publication series

Conference

Fields of Expertise

Access to Document

Fingerprint

Projects

FWF - AE - Design and Analysis of Next Generation Authenticated Encryption Algorithms

SeCoS - Secure Contactless Sphere - Smart RFID-Technologies for a Connected World

Cryptography

Cite this