论文信息 - Distinguishing Attack on NORX Permutation

Distinguishing Attack on NORX Permutation

NORX is a permutation-based authentication scheme which is currently a third-round candidate of the ongoing CAESAR competition. The security bound of NORX is derived from the sponge construction applied to an ideal underlying permutation. In this paper, we show that the NORX core permutation is non-ideal with a new distinguishing attack. More specifically, we can distinguish NORX64 permutation with 248.5 queries and distinguish NORX32 permutation with 264.7 queries using carefully crafted differential-linear attacks. We have experimentally verified the distinguishing attack on NORX64 permutation. Although the distinguishing attacks reveal the weakness of the NORX permutation, it does not directly threat the security of the NORX authenticated encryption scheme.

Tao Huang | Hongjun Wu

[1] Jérémy Jean,et al. Cryptanalysis of NORX v2.0 , 2017, Journal of Cryptology.

[2] G. V. Assche,et al. Permutation-based encryption , authentication and authenticated encryption , 2012 .

[3] Jiqiang Lu. A Methodology for Differential-Linear Cryptanalysis and Its Applications - (Extended Abstract) , 2012, FSE.

[4] Guido Bertoni,et al. Duplexing the sponge: single-pass authenticated encryption and other applications , 2011, IACR Cryptol. ePrint Arch..

[5] Mitsuru Matsui,et al. Linear Cryptanalysis Method for DES Cipher , 1994, EUROCRYPT.

[6] Subhamoy Maitra,et al. Significantly Improved Multi-bit Differentials for Reduced Round Salsa and ChaCha , 2017, IACR Cryptol. ePrint Arch..

[7] Willi Meier,et al. Higher Order Differential Analysis of NORX , 2015, IACR Cryptol. ePrint Arch..

[8] Tao Huang,et al. Cryptanalysis of Reduced NORX , 2016, FSE.

[9] Alex Biryukov,et al. Analysis of the NORX Core Permutation , 2017, IACR Cryptol. ePrint Arch..

[10] Eli Biham,et al. Enhancing Differential-Linear Cryptanalysis , 2002, ASIACRYPT.

[11] Susan K. Langford,et al. Differential-Linear Cryptanalysis , 1994, CRYPTO.

[12] Gregor Leander,et al. Differential-Linear Cryptanalysis Revisited , 2014, FSE.