Analyzing the Linear Keystream Biases in AEGIS
AEGIS is one of the authenticated encryption designs selected for the final portfolio of the CAESAR competition. It combines the AES round function and simple Boolean operations to update its large state and extract a keystream to achieve an excellent software performance. In 2014, Minaud discovered...
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Ruhr-Universität Bochum
2020-01-01
|
| Series: | IACR Transactions on Symmetric Cryptology |
| Subjects: | |
| Online Access: | https://tosc.iacr.org/index.php/ToSC/article/view/8468 |
| _version_ | 1818879573295628288 |
|---|---|
| author | Maria Eichlseder Marcel Nageler Robert Primas |
| author_facet | Maria Eichlseder Marcel Nageler Robert Primas |
| author_sort | Maria Eichlseder |
| collection | DOAJ |
| description | AEGIS is one of the authenticated encryption designs selected for the final portfolio of the CAESAR competition. It combines the AES round function and simple Boolean operations to update its large state and extract a keystream to achieve an excellent software performance. In 2014, Minaud discovered slight biases in the keystream based on linear characteristics. For family member AEGIS-256, these could be exploited to undermine the confidentiality faster than generic attacks, but this still requires very large amounts of data. For final portfolio member AEGIS-128, these attacks are currently less efficient than generic attacks. We propose improved keystream approximations for the AEGIS family, but also prove upper bounds below 2−128 for the squared correlation contribution of any single suitable linear characteristic. |
| first_indexed | 2024-12-19T14:32:13Z |
| format | Article |
| id | doaj.art-1bff710ce48e4c009ca595989a256518 |
| institution | Directory Open Access Journal |
| issn | 2519-173X |
| language | English |
| last_indexed | 2024-12-19T14:32:13Z |
| publishDate | 2020-01-01 |
| publisher | Ruhr-Universität Bochum |
| record_format | Article |
| series | IACR Transactions on Symmetric Cryptology |
| spelling | doaj.art-1bff710ce48e4c009ca595989a2565182022-12-21T20:17:25ZengRuhr-Universität BochumIACR Transactions on Symmetric Cryptology2519-173X2020-01-012019410.13154/tosc.v2019.i4.348-368Analyzing the Linear Keystream Biases in AEGISMaria Eichlseder0Marcel Nageler1Robert Primas2Graz University of Technology, Graz, AustriaGraz University of Technology, Graz, AustriaGraz University of Technology, Graz, AustriaAEGIS is one of the authenticated encryption designs selected for the final portfolio of the CAESAR competition. It combines the AES round function and simple Boolean operations to update its large state and extract a keystream to achieve an excellent software performance. In 2014, Minaud discovered slight biases in the keystream based on linear characteristics. For family member AEGIS-256, these could be exploited to undermine the confidentiality faster than generic attacks, but this still requires very large amounts of data. For final portfolio member AEGIS-128, these attacks are currently less efficient than generic attacks. We propose improved keystream approximations for the AEGIS family, but also prove upper bounds below 2−128 for the squared correlation contribution of any single suitable linear characteristic.https://tosc.iacr.org/index.php/ToSC/article/view/8468Authenticated encryptionCAESARAEGISLinear cryptanalysis |
| spellingShingle | Maria Eichlseder Marcel Nageler Robert Primas Analyzing the Linear Keystream Biases in AEGIS IACR Transactions on Symmetric Cryptology Authenticated encryption CAESAR AEGIS Linear cryptanalysis |
| title | Analyzing the Linear Keystream Biases in AEGIS |
| title_full | Analyzing the Linear Keystream Biases in AEGIS |
| title_fullStr | Analyzing the Linear Keystream Biases in AEGIS |
| title_full_unstemmed | Analyzing the Linear Keystream Biases in AEGIS |
| title_short | Analyzing the Linear Keystream Biases in AEGIS |
| title_sort | analyzing the linear keystream biases in aegis |
| topic | Authenticated encryption CAESAR AEGIS Linear cryptanalysis |
| url | https://tosc.iacr.org/index.php/ToSC/article/view/8468 |
| work_keys_str_mv | AT mariaeichlseder analyzingthelinearkeystreambiasesinaegis AT marcelnageler analyzingthelinearkeystreambiasesinaegis AT robertprimas analyzingthelinearkeystreambiasesinaegis |