Free download of the article: Classification of encryption schemes for the 'Authenticated Encryption: Security, Applicability, and Robustness' competition

Persian title
Classification of encryption schemes for the 'Authenticated Encryption: Security, Applicability, and Robustness' competition
English title
General classification of the authenticated encryption schemes for the CAESAR competition
Pages in the Persian article
0
Pages in the English article
14
Year of publication
2016
Publisher
Elsevier
Format of the English article
PDF
Product code
E3208
Fields related to this article
Computer engineering
Specializations related to this article
Information security
Journal
Computer Science Review
University
Bauhaus University Weimar, Germany
Keywords
Authenticated encryption, the 'Competition for Authenticated Encryption: Security, Applicability, and Robustness' competition, symmetric cryptography
Abstract


An authenticated encryption scheme is a scheme which provides privacy and integrity by using a secret key. In 2013, CAESAR (the “Competition for Authenticated Encryption: Security, Applicability, and Robustness”) was co-founded by NIST and Dan Bernstein with the aim of finding authenticated encryption schemes that offer advantages over AES-GCM and are suitable for widespread adoption. The first round started with 57 candidates in March 2014; nine of these first-round candidates were broken and withdrawn from the competition. The remaining 48 candidates went through an intense process of review, analysis and comparison. While the cryptographic community benefits greatly from the manifold different submission designs, their sheer number implies a challenging amount of study. This paper provides an easy-to-grasp overview of functional aspects, security parameters, and robustness offerings by the CAESAR candidates, clustered by their underlying designs (block-cipher-, stream-cipher-, permutation-/sponge-, compression-function-based, dedicated). After intensive review and analysis of all 48 candidates by the community, the CAESAR committee selected only 30 candidates for the second round. The announcement for the third round candidates was made on 15th August 2016 and 15 candidates were chosen for the third round.

5. General overview of attacks on candidates


In this section, we first give a general explanation of the broken candidates and their analysis. Then we consider the analysis and observation of existing candidates. 57 candidates were submitted for the first round of the CAESAR competition. At the time of writing this paper, 9 candidates are considered broken and withdrawn from the competition. The candidates are as follows:

AES-COBRA. AES-COBRA is an authenticated encryption mode based on the AES block cipher with the claim of 64-bit security for both privacy and integrity, and 128-bit for both key recovery and tag guessing attacks. But Nandi [65] showed a forgery attack on an n-bit blockcipher with only O(n) queries and success probability about 1/2, which violates the security claim made by the designers.

Calico. Calico is a family of lightweight authenticated encryption schemes with support for associated data. It is based on the stream cipher ChaCha-14 and 20, the MAC function Siphash-2-4, and the hash function BLAKE2. The designer claimed 127 bits of security for the confidentiality of plaintext, and 63 bits of security for the integrity. Christoph Dobraunig et al. [66] showed forgery and key recovery attacks which require $2^{64}$ online queries with a success probability of 1 to recover the 128-bit key of the MAC.

CBEAM. CBEAM is an algorithm for authenticated encryption which supports associated data. It uses a sponge permutation construction. The designer claimed 127-bit security for privacy and 63-bit for the privacy, but Minaud [67] showed a differential attack on the sponge permutation of CBEAM which can be exploited for a forgery with success probability of $2^{-43}$, which is contrary to the security claim, $2^{-63}$, made by the designers.

