Abstract: AEZ is an authenticated encryption oriented block cipher submitted to the CAESAR competition and well suited to software implementation. It was selected for the second round when we analysed the resilience of the latest version, namely AEZ v4.1, against key recovery. We showed that, while it was partly updated in order to thwart the key-recovery attack based on the birthday paradox published at Asiacrypt 2015 by Fuhr, Leurent and Suder, such attacks remain and lead to a full recovery of the secret. Basically, our attack proceeds in two steps: the first one leverages the use of a tweakable block cipher to prompt a collision and retrieve one of the three sub-keys; the second attacks a 4-round AES weakened by the knowledge of this sub-key and retrieves the full secret material. Although our attack does not violate the security claims of AEZ, since none was made for beyond-birthday security, it emphasizes an unwanted property of AEZ and its weakness against key-recovery attacks.
Location: Bât. Descartes, Room 301
Seminar dedicated to cryptography and computer security. This seminar, open to all, usually takes place on Thursday mornings from 11:00 to 12:00 in Room 301 of the Descartes building.
To give a talk in this seminar, presenting your research or your industrial developments, please contact Luca De Feo.