Welcome to the resource topic for 2014/931
Title:
Cryptanalysis of JAMBU
Authors: Thomas Peyrin, Siang Meng Sim, Lei Wang, Guoyan Zhang
Abstract:In this article, we analyse the security of the authenticated encryption mode JAMBU, a submission to the CAESAR competition that remains currently unbroken. We show that the security claims of this candidate regarding its nonce-misuse resistance can be broken. More precisely, we explain a technique to guess in advance a ciphertext block corresponding to a plaintext that has never been queried before (nor its prefix), thus breaking the confidentiality of the scheme when the attacker can make encryption queries with the same nonce. Our attack is very practical as it requires only about 2^{32} encryption queries and computations (instead of the 2^{128} claimed by the designers). Our cryptanalysis has been fully implemented in order to verify our findings. Moreover, due to the small tag length of JAMBU, we show how this attack can be extended in the nonce-respecting scenario to break confidentiality in the adaptative chosen-ciphertext model (IND-CCA2) with 2^{96} computations, with message prefixes not previously queried.
ePrint: https://eprint.iacr.org/2014/931
See all topics related to this paper.
Feel free to post resources that are related to this paper below.
Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.
For more information, see the rules for Resource Topics .