[Resource Topic] 2014/217: A Forgery Attack against PANDA-s

Welcome to the resource topic for 2014/217

Title: A Forgery Attack against PANDA-s

Authors: Yu Sasaki, Lei Wang

Abstract:

PANDA is an authenticated encryption scheme designed by Ye et al., and submitted to the CAESAR competition. The designers claim that PANDA-s, which is one of the designs of the PANDA family, provides 128-bit security in the nonce misuse model. In this note, we describe our forgery attack against PANDA-s. Our attack works in the nonce misuse model. It exploits the fact that the message processing function and the finalization function are identical, and thus a variant of the length-extension attack can be applied. We can find a tag for a pre-specified formatted message with 2 encryption oracle calls, 2^64 computational cost, and negligible memory.

ePrint: https://eprint.iacr.org/2014/217


Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics.