Twisted Polynomials and Forgery Attacks on GCM

Abdelraheem, Mohamed Ahmed; Beelen, Peter; Bogdanov, Andrey; Tischhauser, Elmar

doi:10.1007/978-3-662-46800-5_29

Cited by 12 publications

(2 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…AES-OGCM-1 and AES-OGCM-2 can encrypt at most 2 96 plaintexts in the nonce-respecting scenario, the maximum length of the plaintext is about 2 32 blocks (64 GBytes), and the privacy and authenticity achieve roughly 107.9565-bit or 121.9339-bit security which is better than those of AES-GCM (about 64-bit security). Alike GCM, OGCM-1 and OGCM-2 are based on polynomial AXU hash functions which may introduce some attacks, such as [36,37,42,43].…”

Section: Discussion and Future Workmentioning

confidence: 99%

See 1 more Smart Citation

Close to Optimally Secure Variants of GCM

Zhang

Yuan

2018

Security and Communication Networks

View full text Add to dashboard Cite

The Galois/Counter Mode of operation (GCM) is a widely used nonce-based authenticated encryption with associated data mode which provides the birthday-bound security in the nonce-respecting scenario; that is, it is secure up to about 2n/2 adversarial queries if all nonces used in the encryption oracle are never repeated, where n is the block size. It is an open problem to analyze whether GCM security can be improved by using some simple operations. This paper presents a positive response for this problem. Firstly, we introduce two close to optimally secure pseudorandom functions and derive their security bound by the hybrid technique. Then, we utilize these pseudorandom functions that we design and a universal hash function to construct two improved versions of GCM, called OGCM-1 and OGCM-2. OGCM-1 and OGCM-2 are, respectively, provably secure up to approximately 2n/67(n-1)2 and 2n/67 adversarial queries in the nonce-respecting scenario if the underlying block cipher is a secure pseudorandom permutation. Finally, we discuss the properties of OGCM-1 and OGCM-2 and describe the future works.

show abstract

Section: Discussion and Future Workmentioning

confidence: 99%

“…For the attacks of GCM, Saarinen showed weak keys of GHASH and the cycling attacks on GCM in [36]. Other researches related to GCM include [37][38][39][40][41][42][43][44]. GCM has been widely applied in the IEEE 802.1AE Ethernet security, IEEE 802.11ad, IETF IPsec standards, SSH, TLS, and so on.…”

Section: Introductionmentioning

confidence: 99%