Welcome to the resource topic for 2023/1525
Title:
Committing Authenticated Encryption: Sponges vs. Block-Ciphers in the case of the NIST LWC Finalists
Authors: Juliane Krämer, Patrick Struck, Maximiliane Weishäupl
Abstract:Committing security has gained considerable attention in the field of authenticated encryption (AE). This can be traced back to a line of recent attacks, which suggests that AE schemes used in practice should not only provide confidentiality and authenticity, but also committing security. Roughly speaking, a committing AE scheme guarantees that ciphertexts will decrypt only for one key. Despite the recent research effort in this area, the finalists of the NIST lightweight cryptography standardization process have not been put under consideration yet. We close this gap by providing an analysis of these schemes with respect to their committing security. Despite the structural similarities the finalists exhibit, our results are of a quite heterogeneous nature: We break four of the schemes with effectively no costs, while for two schemes our attacks are costlier, yet still efficient. For the remaining three schemes ISAP, Ascon, and (a slightly modified version of) Schwaemm, we give formal security proofs. Our analysis reveals that sponges—due to their large states—are more favorable for committing security compared to block-ciphers.
ePrint: https://eprint.iacr.org/2023/1525
See all topics related to this paper.
Feel free to post resources that are related to this paper below.
Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.
For more information, see the rules for Resource Topics .