Universal Forgery Attack Against GCM-RUP

Li, Yanbin; Leurent, Gaëtan; Wang, Meiqin; Wang, Wei; Zhang, Guoyan; Yu, Liu

doi:10.1007/978-3-030-40186-3_2

Cited by 1 publication

(1 citation statement)

References 35 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Therefore, forkcipher is a hot future research direction. Additionally, there have been some achievements in RUP security for two-pass AE schemes in recent years, such as GCM-RUP [43] and its variant [44]. This is also a direction to watch in the future.…”

Section: Discussion and Future Workmentioning

confidence: 96%

Polynomial Intermediate Checksum for Integrity under Releasing Unverified Plaintext and Its Application to COPA

Zhang

2024

Mathematics

View full text Add to dashboard Cite

COPA, introduced by Andreeva et al., is the first online authenticated encryption (AE) mode with nonce-misuse resistance, and it is covered in COLM, which is one of the final CAESAR portfolios. However, COPA has been proven to be insecure in the releasing unverified plaintext (RUP) setting. This paper mainly focuses on the integrity under RUP (INT-RUP) defect of COPA. Firstly, this paper revisits the INT-RUP security model for adaptive adversaries, investigates the possible factors of INT-RUP insecurity for “Encryption-Mix-Encryption”-type checksum-based AE schemes, and finds that these AE schemes with INT-RUP security vulnerabilities utilize a common poor checksum technique. Then, this paper introduces an improved checksum technique named polynomial intermediate checksum (PIC) for INT-RUP security and emphasizes that PIC is a sufficient condition for guaranteeing INT-RUP security for “Encryption-Mix-Encryption”-type checksum-based AE schemes. PIC is generated by a polynomial sum with full terms of intermediate internal states, which guarantees no information leakage. Moreover, PIC ensures the same level between the plaintext and the ciphertext, which guarantees that the adversary cannot obtain any useful information from the unverified decryption queries. Again, based on PIC, this paper proposes a modified scheme COPA-PIC to fix the INT-RUP defect of COPA. COPA-PIC is proven to be INT-RUP up to the birthday-bound security if the underlying primitive is secure. Finally, this paper discusses the properties of COPA-PIC and makes a comparison for AE modes with distinct checksum techniques. The proposed work is of good practical significance. In an interactive system where two parties communicate, the receiver can effectively determine whether the information received from the sender is valid or not, and thus perform the subsequent operation more effectively.

show abstract

Section: Discussion and Future Workmentioning

confidence: 96%

Polynomial Intermediate Checksum for Integrity under Releasing Unverified Plaintext and Its Application to COPA

Zhang

2024

Mathematics

View full text Add to dashboard Cite

show abstract

Universal Forgery Attack Against GCM-RUP

Cited by 1 publication

References 35 publications

Polynomial Intermediate Checksum for Integrity under Releasing Unverified Plaintext and Its Application to COPA

Polynomial Intermediate Checksum for Integrity under Releasing Unverified Plaintext and Its Application to COPA

Contact Info

Product

Resources

About