Abstract
AEZ is an AES-based authenticated encryption submitted to the ongoing CAESAR competition and was presented at Eurocrypt 2015 with AEZ v3. There are three models for AEZ, AEZ-core, AEZ-tiny and AEZ-prf. In this paper, we consider the security of AEZ-prf for AEZ v4.2, the latest version of AEZ. Our major finding is a collision of any 256-bit associated data for AES-prf. Then we launch collision attacks in a quantum setting and a classical setting respectively under different assumptions. In the quantum setting, by Simon's quantum algorithm, we amount a forgery with O(n) quantum superposition queries and an overwhelming probability close to 1. In the classical setting, one with the key of AEZ-prf can also construct the forgeries. Our results show that the AEZ-prf models of AEZ v4.2 is not secure in both the quantum setting and classical world. Furthermore, our results can also be applied to AEZ v3, which has been published on Eurocrypt 2015. As far as we know, no cryptanalysis of AEZ v4.2 has been published so far.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
