[Resource Topic] 2022/1414: INT-RUP Security of SAEB and TinyJAMBU

Welcome to the resource topic for 2022/1414

INT-RUP Security of SAEB and TinyJAMBU

Authors: Nilanjan Datta, Avijit Dutta, Shibam Ghosh


The INT-RUP security of an authenticated encryption (AE) scheme is a well studied problem which deals with the integrity security of an AE scheme in the setting of releasing unverified plaintext model. Popular INT-RUP secure constructions either require a large state (e.g. GCM-RUP, LOCUS, Oribatida) or employ a two-pass mode (e.g. MONDAE) that does not allow on-the-fly data processing. This motivates us to turn our attention to feedback type AE constructions that allow small state implementation as well as on-the-fly computation capability. In CT-RSA 2016, Chakraborti et al. have demonstrated a generic INT-RUP attack on rate-1 block cipher based feedback type AE schemes. Their results inspire us to study about feedback type AE constructions at a reduced rate. In this paper, we consider two such recent designs, SAEB and TinyJAMBU and we analyze their integrity security in the setting of releasing unverified plaintext model. We found an INT-RUP attack on SAEB with roughly $2^{32}$ decryption queries. However, the concrete analysis shows that if we reduce its rate to 32 bits, SAEB achieves the desired INT-RUP security bound without any additional overhead. Moreover, we have also analyzed TinyJAMBU, one of the finalists of the NIST LwC, and found it to be INT-RUP secure. To the best of our knowledge, this is the first work reporting the INT-RUP security analysis of the block cipher based single state, single pass, on-the-fly, inverse-free authenticated

ePrint: https://eprint.iacr.org/2022/1414

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics.