Authors: Tairong Shi, Chenhui Jin, Jie Guan
Source: China Communications (中国通信, English edition), 2018, No. 2, pp. 46-53 (8 pages)
Funding: supported by the National Natural Science Foundation of China (Grant No. 61572516, No. 61272041 and No. 61272488)
Abstract: AEZ is an AES-based authenticated encryption scheme submitted to the ongoing CAESAR competition and was presented at Eurocrypt 2015 as AEZ v3. AEZ has three modes: AEZ-core, AEZ-tiny and AEZ-prf. In this paper, we consider the security of AEZ-prf in AEZ v4.2, the latest version of AEZ. Our major finding is a collision on any 256-bit associated data for AEZ-prf. We then launch collision attacks in a quantum setting and in a classical setting, under different assumptions for each. In the quantum setting, using Simon's quantum algorithm, we mount a forgery with O(n) quantum superposition queries and an overwhelming success probability close to 1. In the classical setting, anyone holding the key of AEZ-prf can also construct the forgeries. Our results show that the AEZ-prf mode of AEZ v4.2 is not secure in either the quantum setting or the classical world. Furthermore, our results also apply to AEZ v3, which was published at Eurocrypt 2015. As far as we know, no cryptanalysis of AEZ v4.2 has been published so far.
Keywords: CAESAR competition; authenticated encryption; AEZ; collision attacks; quantum attacks
Classification: TN918.4 [Electronics and telecommunications / communication and information systems]