Paper 2019/457

Forgery Attack on mixFeed in the Nonce-Misuse Scenario

Mustafa Khairallah

Abstract

mixFeed [CN19] is a round 1 candidate for the NIST Lightweight Cryptography Standardization Project. It is a single-pass, nonce-based, AES-based authenticated encryption algorithm. The authors claim that while there are no confidentiality guarantees in case of nonce misuse (nonce repetition), integrity security still holds up to 2^32 data complexity. In this report, we show that this claim does not hold when the plaintext length is non-zero (≥ 16 bytes, to be exact). We present a forgery attack that requires only two encryption queries with the same nonce and 34 bytes of data.

Metadata

Available format(s): PDF
Category: Secret-key cryptography
Publication info: Preprint. MINOR revision.
Keywords: AEAD, forgery, mixFeed, Nonce Misuse, collision
Contact author(s): mustafam001 @ e ntu edu sg
History: 2019-05-10: received
Short URL: https://ia.cr/2019/457
License: Creative Commons Attribution (CC BY)

BibTeX

@misc{cryptoeprint:2019/457,
      author = {Mustafa Khairallah},
      title = {Forgery Attack on mixFeed in the Nonce-Misuse Scenario},
      howpublished = {Cryptology ePrint Archive, Paper 2019/457},
      year = {2019},
      note = {\url{https://eprint.iacr.org/2019/457}},
      url = {https://eprint.iacr.org/2019/457}
}