[Resource Topic] 2014/325: A practical forgery and state recovery attack on the authenticated cipher PANDA-s

Welcome to the resource topic for 2014/325

Title:
A practical forgery and state recovery attack on the authenticated cipher PANDA-s

Authors: Xiutao FENG, Fan ZHANG, Hui WANG

Abstract:

PANDA is a family of authenticated ciphers submitted to CARSAR, which consists of two ciphers: PANDA-s and PANDA-b. In this work we present a state recovery attack against PANDA-s with time complexity about 2^{41} under the known-plaintext-attack model, which needs 137 pairs of known plaintext/ciphertext and about 2GB memories. Our attack is practical in a small workstation. Based on the above attack, we further deduce a forgery attack against PANDA-s, which can forge a legal ciphertext (C,T) of an arbitrary plaintext P. The results show that PANDA-s is insecure.

ePrint: https://eprint.iacr.org/2014/325

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .