2016 | OriginalPaper | Chapter

On the Security of the LAC Authenticated Encryption Algorithm

Author : Jiqiang Lu

Published in: Information Security and Privacy

Publisher: Springer International Publishing

Abstract

The LAC authenticated encryption algorithm was a candidate in the CAESAR competition on authenticated encryption; it follows the design of the ALE authenticated encryption algorithm. In this paper, we show that the security of LAC depends greatly on the maximum message length parameter and on the order in which the last message block is padded, by cryptanalysing variants that differ from the original LAC only in these two points. For the LAC variants, we present a structural state recovery attack in the nonce-respecting scenario that is independent of the underlying block cipher, requires only chosen queries to their encryption and tag generation oracles, and recovers an internal state of the initialization phase for one of the Public Message Numbers (PMNs) used, more advantageously than exhaustive key search; the recovered internal state can then be used to mount an existential forgery attack under this PMN. Besides, although slightly inferior to exhaustive key search, the state recovery attack also applies to the LAC variant that differs from LAC only in the order of padding the last message block. Although the state recovery attack does not apply to the original LAC, it sheds some light on this type of structure and shows that an authenticated encryption algorithm with such a structure, or a similar one, may be weakened when it is misused, deliberately or accidentally, with the reverse message padding order and a different maximum message length; users should be careful about these two points when employing such a structure in practice.


Footnotes
1
An equivalent of this point under our attack is that the position of the most significant 24 bits of the output of the eighth round of the \(\widehat{\mathbf {G}}\) operation is exchanged with the position of the most significant 24 bits of the output of the sixteenth round of the \(\widehat{\mathbf {G}}\) operation (without reversing the message padding order), that is, \((X_{17}[9\sim 32]||X_9[9\sim 32])\).
 
2
Note that \((PMN_i, PMN_j)\) is a permutation, rather than a combination. Thus, \((PMN_i, PMN_j)\) and \((PMN_j, PMN_i)\) are different.
 
3
Likewise, \((\widehat{PMN}_p, \widehat{PMN}_q)\) is a permutation, so \((\widehat{PMN}_p, \widehat{PMN}_q)\) and \((\widehat{PMN}_q,\) \(\widehat{PMN}_p)\) are different.
 
Metadata
Title
On the Security of the LAC Authenticated Encryption Algorithm
Author
Jiqiang Lu
Copyright Year
2016
DOI
https://doi.org/10.1007/978-3-319-40367-0_25