logo

SCIENCE CHINA Information Sciences, Volume 62, Issue 3: 039109(2019) https://doi.org/10.1007/s11432-017-9457-x

Real-time state recovery attack against MORUS in nonce-misuse setting

More info
  • ReceivedMay 12, 2017
  • AcceptedMay 4, 2018
  • PublishedJan 3, 2019

Abstract

There is no abstract available for this article.


Acknowledgment

This work was supported by National Natural Science Foundation of China (Grant Nos. 61572516, 61602514, 61272041, 61272488).


References

[1] The CAESAR committee. Competition for Authenticated Encryption: Security, Applicability, and Robustness. 2014. http://competitions.cr.yp.to/caesar.html. Google Scholar

[2] Wu H, Huang T. The Authenticated Cipher MORUS (v1.1). 2016. http://competitions.cr.yp.to/round2/~morusv11.pdf. Google Scholar

[3] Mileva A, Dimitrova V, Velichkov V. Analysis of the authenticated cipher MORUS (v1). In: Proceedings of International Conference on Cryptography and Information Security in the Balkans, Koper, 2015. 45--59. Google Scholar

[4] Nozaki Y, Yoshikawa M. Power analysis attack for a fast authenticated encryption MORUS. In: Proceedings of International Conference on Applied System Innovation, Sapporo, 2017. 365--368. Google Scholar

[5] Dwivedi A D, Klouček M, Morawiecki P, et al. SAT-based cryptanalysis of authenticated ciphers from the CAESAR competition. In: Proceedings of International Conference on Security and Cryptography, Madrid, 2017. 237--246. Google Scholar

[6] Zhang P, Guan J, Li J Z, et al. Research on the confusion and diffusion properties of the initialization of MORUS. J Cryptol Res, 2015, 2: 536--548. Google Scholar

[7] Guan J, Shi T R, Li J Z, et al. Analysis of MORUS against collision attack (in Chinese). J Elec Inf Tech, 2017, 39: 1704--1710. Google Scholar

  • Table 1   Summary of state recovery
    Recovery state $\Delta~{{P}_{0}}$ $\Delta~{{P}_{1}}$ $\Delta~{{P}_{2}}$ Reuse time
    $S_{3}^{1}$ ${{\alpha~}_{0}},{{\alpha~}_{1}},{{\alpha~}_{2}},{{\alpha~}_{3}}$ ${{0}^{128}}$ ${{0}^{128}}$ 4
    $S_{2}^{1}$ ${{e}_{j}},j\in[0,15]$ ${{0}^{128}}$ ${{0}^{128}}$ 1
    $S_{3}^{2}$ ${{0}^{128}}$ ${{1}^{128}}$ ${{0}^{128}}$ 1
    $S_{2}^{2}$ ${{0}^{128}}$ ${{e}_{j}},j\in[0,15]$ ${{0}^{128}}$ 1
    $S_{0}^{1},S_{1}^{1},S_{4}^{1}$ 0 0 0 0

Copyright 2020 Science China Press Co., Ltd. 《中国科学》杂志社有限责任公司 版权所有

京ICP备18024590号-1       京公网安备11010102003388号