| Journal of mathematical cryptology | |
| A fundamental flaw in the ++AE authenticated encryption mode | |
| article | |
| Hassan Qahur Al Mahri1 Leonie Simpson1 Harry Bartlett1 Ed Dawson1 Kenneth Koon-Ho Wong1 | |
| [1] Queensland University of Technology | |
| 关键词: Authenticated encryption; ++AE; block cipher; forgery attack; symmetric encryption; CAESAR; | |
| DOI : 10.1515/jmc-2016-0037 | |
| 学科分类:社会科学、人文和艺术(综合) | |
| 来源: De Gruyter | |
 PDF
|
|
【 摘 要 】
In this article, we analyse a block cipher mode of operation for authenticated encryption known as ++AE (plus-plus-AE). We show that this mode has a fundamental flaw: the scheme does not verify the most significant bit of any block in the plaintext message. This flaw can be exploited by choosing a plaintext message and then constructing multiple forged messages in which the most significant bit of certain blocks is flipped. All of these plaintext messages will generate the same authentication tag. This forgery attack is deterministic and guaranteed to pass the ++AE integrity check. The success of the attack is independent of the underlying block cipher, key or public message number. We outline the mathematical proofs for the flaw in the ++AE algorithm. We conclude that ++AE is insecure as an authenticated encryption mode of operation.
【 授权许可】
CC BY|CC BY-NC-ND
【 预 览 】
| Files | Size | Format | View |
|---|---|---|---|
| RO202107200005235ZK.pdf | 1776KB |  download |
878987797
028-85220240
