[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

What a lovely hat

Is it made out of tin foil?

Paper 2019/1372

Analyzing the Linear Keystream Biases in AEGIS

Maria Eichlseder, Graz University of Technology
Marcel Nageler, Graz University of Technology
Robert Primas, Graz University of Technology
Abstract

AEGIS is one of the authenticated encryption designs selected for the final portfolio of the CAESAR competition. It combines the AES round function and simple Boolean operations to update its large state and extract a keystream to achieve an excellent software performance. In 2014, Minaud discovered slight biases in the keystream based on linear characteristics. For family member AEGIS-256, these could be exploited to undermine the confidentiality faster than generic attacks, but this still requires very large amounts of data. For final portfolio member AEGIS-128, these attacks are currently less efficient than generic attacks. We propose improved keystream approximations for the AEGIS family, but also prove upper bounds below $2^{-128}$ for the squared correlation contribution of any single suitable linear characteristic.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published by the IACR in TOSC 2020
DOI
10.13154/tosc.v2019.i4.348-368
Keywords
Authenticated encryptionCAESARAEGISLinear cryptanalysis
Contact author(s)
maria eichlseder @ iaik tugraz at
marcel nageler @ student tugraz at
rprimas @ gmail com
History
2024-06-07: revised
2019-12-01: received
See all versions
Short URL
https://ia.cr/2019/1372
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2019/1372,
      author = {Maria Eichlseder and Marcel Nageler and Robert Primas},
      title = {Analyzing the Linear Keystream Biases in {AEGIS}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2019/1372},
      year = {2019},
      doi = {10.13154/tosc.v2019.i4.348-368},
      url = {https://eprint.iacr.org/2019/1372}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.