Abstract

ACORN v3 is a lightweight authenticated encryption cipher, which was selected as one of the seven finalists of the CAESAR competition in March 2018. It is intended for lightweight applications (resource-constrained environments). By using the numeric mapping technique proposed at CRYPTO 2017, an efficient algorithm for algebraic degree estimation of ACORN v3 is proposed. As a result, new distinguishing attacks on 647, 649, 670, 704, and 721 initialization rounds of ACORN v3 are obtained, respectively. As far as we know, all of our distinguishing attacks on ACORN v3 are the best so far. The effectiveness and accuracy of our algorithm are confirmed by the experimental results.

Highlights

  • ACORN, which is known as ACORN v1 [1], is a lightweight authenticated encryption cipher which had been submitted to the CAESAR (Competition for Authenticated Encryption: Security, Applicability, and Robustness) competition [2] in 2014. The structure is based on a nonlinear feedback shift register.

  • At CRYPTO 2017, Liu [22] exploited a new technique, called numeric mapping, to iteratively estimate the upper bound on the algebraic degree of the internal states of an NFSR.

  • Thus, from the perspective of the cube tester, estimation of the algebraic degree of NFSR-based cryptosystems is an efficient way of constructing distinguishing attacks.
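The numeric mapping idea from the highlights, as an added example that is not code from the paper: the degree bound of each feedback monomial is the sum of the bounds of its cells, and the result is checked against the exact algebraic normal form. The 8-cell register and the `FEEDBACK` function are hypothetical toy choices, not ACORN v3.

```python
N = 8  # toy register length; each cell starts as one independent variable (assumption)
# Hypothetical update function: XOR of these monomials over cell indices.
FEEDBACK = [(0,), (3,), (1, 2), (5, 6)]

def estimate_degrees(rounds):
    """Numeric mapping: bound each monomial's degree by the sum of its cells' bounds."""
    deg, out = [1] * N, []
    for _ in range(rounds):
        new = min(N, max(sum(deg[i] for i in mono) for mono in FEEDBACK))
        deg = deg[1:] + [new]          # shift the register of degree bounds
        out.append(new)
    return out

def multiply(p, q):
    """Product of two ANF polynomials over GF(2); a monomial is a bitmask, x*x = x."""
    r = set()
    for a in p:
        for b in q:
            r ^= {a | b}               # equal monomials cancel in pairs
    return r

def exact_degrees(rounds):
    """Ground truth: carry the full ANF of every cell and read off the true degree."""
    state, out = [{1 << i} for i in range(N)], []
    for _ in range(rounds):
        new = set()
        for mono in FEEDBACK:
            term = {0}                 # the constant polynomial 1
            for i in mono:
                term = multiply(term, state[i])
            new ^= term
        state = state[1:] + [new]
        out.append(max((bin(m).count("1") for m in new), default=0))
    return out

def rounds_below_full_degree(degs):
    """Number of leading rounds whose feedback bit stays below degree N."""
    count = 0
    for d in degs:
        if d >= N:
            break
        count += 1
    return count

if __name__ == "__main__":
    est, exact = estimate_degrees(20), exact_degrees(20)
    for r, (e, x) in enumerate(zip(est, exact), 1):
        print(f"round {r:2d}: estimate {e}  exact {x}")
    print("rounds provably below full degree:", rounds_below_full_degree(est))
```

Because the estimate never falls below the true degree, the round count it returns is a lower bound on the rounds for which the bit misses full degree, which is the kind of bound the introduction quotes for ACORN v3.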


Summary

Introduction

ACORN, which is known as ACORN v1 [1], is a lightweight authenticated encryption cipher which had been submitted to the CAESAR (Competition for Authenticated Encryption: Security, Applicability, and Robustness) competition [2] in 2014. The structure is based on a nonlinear feedback shift register. When taking all the key and IV bits as initial input variables, the result shows that the lower bound on the maximum number of initialization rounds of ACORN v3 such that the generated keystream bit does not achieve maximum algebraic degree is 669 (out of 1792). When taking all the IV bits as input variables, the result shows that the lower bound on the maximum number of initialization rounds of ACORN v3 such that the generated keystream bit does not achieve maximum algebraic degree is 708 (out of 1792). In these attacks, the recovered secret variables are generally smaller than 1 bit, while the time complexities are significantly high.

Preliminaries
Algebraic Degree Estimation of ACORN v3
Conclusions
