Practical Forgeries and Distinguishers against PAES
We present two practical attacks on the CAESAR candidate PAES. The first attack is a universal forgery for any plaintext with at least 240 bytes. It works for the nonce-repeating variant of PAES and in a nutshell it is a state recovery based on solving differential equations for the S-Box leaked thr...
Main Authors: | , , , |
---|---|
Other Authors: | |
Format: | Journal Article |
Language: | English |
Published: |
2016
|
Subjects: | |
Online Access: | https://hdl.handle.net/10356/82018 http://hdl.handle.net/10220/39784 |