Open AccessState-Recovery Attacks on Modified Ketje Jr
Author(s) -
Thomas Fuhr,
Maŕıa Naya-Plasencia,
Yann Rotella
Publication year - 2018
Publication title -
iacr transactions on symmetric cryptology
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.715
H-Index - 10
ISSN - 2519-173X
DOI - 10.46586/tosc.v2018.i1.29-56
Subject(s) - hash function , computer science , keystream , key (lock) , state (computer science) , computer security , encryption , computer network , arithmetic , theoretical computer science , algorithm , cryptanalysis , mathematics
In this article we study the security of the authenticated encryption algorithm Ketje against divide-and-conquer attacks. Ketje is a third-round candidate in the ongoing CAESAR competition, which shares most of its design principles with the SHA-3 hash function. Several versions of Ketje have been submitted, with different sizes for its internal state. We describe several state-recovery attacks on the smaller variant, called Ketje Jr. We show that if one increases the amount of keystream output after each round from 16 bits to 40 bits, Ketje Jr becomes vulnerable to divide-and-conquer attacks with time complexities 271.5 for the original version and 282.3 for the current tweaked version, both with a key of 96 bits. We also propose a similar attack when considering rates of 32 bits for the non-tweaked version. Our findings do not threaten the security of Ketje, but should be taken as a warning against potential future modifications that would aim at increasing the performance of the algorithm.
Accelerating Research
Robert Robinson Avenue,
Oxford Science Park, Oxford
OX4 4GP, United Kingdom
Address
John Eccles HouseRobert Robinson Avenue,
Oxford Science Park, Oxford
OX4 4GP, United Kingdom