论文信息 - Cryptanalysis of Reduced NORX

Cryptanalysis of Reduced NORX

NORX is a second round candidate of the ongoing CAESAR competition for authenticated encryption. It is a nonce based authenticated encryption scheme based on the sponge construction. Its two variants denoted by NORX32 and NORX64 provide a security level of 128 and 256 bits, respectively. In this paper, we present a state/key recovery attack for both variants with the number of rounds of the core permutation reduced to 2 out of 4 rounds. The time and data complexities of the attack for NORX32 are $$2^{119}$$ and $$ 2^{66} $$ respectively, and for NORX64 are $$ 2^{234} $$ and $$ 2^{132} $$ respectively, while the memory complexity is negligible. Furthermore, we show a state recovery attack against NORX in the parallel mode using an internal differential attack for 2 rounds of the permutation. The data, time and memory complexities of the attack for NORX32 are $$2^{7.3}$$, $$2^{124.3}$$ and $$2^{115}$$ respectively and for NORX64 are $$2^{6.2}$$, $$2^{232.8}$$ and $$2^{225}$$ respectively. Finally, we present a practical distinguisher for the keystream of NORX64 based on two rounds of the permutation in the parallel mode using an internal differential-linear attack. To the best of our knowledge, our results are the best known results for NORX in nonce respecting manner.

Tao Huang | Nasour Bagheri | Yu Sasaki | Keting Jia | Florian Mendel

[1] Yu Sasaki,et al. Analysis of the CAESAR Candidate Silver , 2015, SAC.

[2] Willi Meier,et al. Higher Order Differential Analysis of NORX , 2015, IACR Cryptol. ePrint Arch..

[3] Samuel Neves,et al. NORX: Parallel and Scalable AEAD , 2014, ESORICS.

[4] Eli Biham,et al. Differential Cryptanalysis of the Full 16-Round DES , 1992, Annual International Cryptology Conference.

[5] Mitsuru Matsui,et al. Linear Cryptanalysis Method for DES Cipher , 1994, EUROCRYPT.

[6] Thomas Peyrin,et al. Improved Differential Attacks for ECHO and Grostl , 2010, IACR Cryptol. ePrint Arch..

[7] Jérémy Jean,et al. Cryptanalysis of FIDES , 2014, FSE.

[8] Andrey Bogdanov,et al. Fides: Lightweight Authenticated Cipher with Side-Channel Resistance for Constrained Hardware , 2013, CHES.

[9] Samuel Neves,et al. Analysis of NORX: Investigating Differential and Rotational Properties , 2014, LATINCRYPT.

[10] Guido Bertoni,et al. Duplexing the sponge: single-pass authenticated encryption and other applications , 2011, IACR Cryptol. ePrint Arch..

[11] Florian Mendel,et al. Submission to the CAESAR Competition , 2014 .