2 research outputs found
Cryptanalysis of Reduced NORX
NORX is a second round candidate of the ongoing CAESAR competition for authenticated encryption. It is a nonce based authenticated encryption scheme based on the sponge construction. Its two variants denoted by NORX32 and NORX64 provide a security level of 128 and 256 bits, respectively. In this paper, we present a state/key recovery attack for both variants with the number of rounds of the core permutation reduced to 2 (out of 4) rounds. The time complexity of the attack for NORX32 and NORX64 is and respectively, while the data complexity is negligible. Furthermore, we show a state recovery attack against NORX in the parallel mode using an internal differential attack for 2 rounds of the permutation. The data, time and memory complexities of the attack for NORX32 are , and respectively and for NORX64 are , and respectively. Finally, we present a practical distinguisher for the keystream of NORX64 based on two rounds of the permutation in the parallel mode using an internal differential-linear attack. To the best of our knowledge, our results are the best known results for NORX in nonce respecting manner
General Classification of the Authenticated Encryption Schemes for the CAESAR Competition
An Authenticated encryption scheme is a scheme which provides privacy and integrity by using a secret key. In 2013, CAESAR (the ``Competition for Authenticated Encryption: Security, Applicability, and Robustness\u27\u27) was co-founded by NIST and Dan Bernstein with the aim of finding authenticated encryption schemes
that offer advantages over AES-GCM and are suitable for widespread adoption.
The first round started with 57 candidates in March 2014; and nine of these
first-round candidates where broken and withdrawn from the competition. The
remaining 48 candidates went through an intense process of review, analysis
and comparison. While the cryptographic community benefits greatly from the
manifold different submission designs, their sheer number
implies a challenging amount of study. This paper provides
an easy-to-grasp overview over functional aspects, security parameters, and
robustness offerings by the CAESAR candidates, clustered by their underlying
designs (block-cipher-, stream-cipher-, permutation-/sponge-,
compression-function-based, dedicated). After intensive review and analysis of all 48 candidates by the community, the CAESAR committee selected only 30 candidates for the second round. The announcement for the third round candidates was made on 15th August 2016 and 15 candidates were chosen for the third round