Abstract
NORX is a permutation-based authentication scheme which is currently a third-round candidate of the ongoing CAESAR competition. The security bound of NORX is derived from the sponge construction applied to an ideal underlying permutation. In this paper, we show that the NORX core permutation is non-ideal with a new distinguishing attack. More specifically, we can distinguish NORX64 permutation with 248.5 queries and distinguish NORX32 permutation with 264.7 queries using carefully crafted differential-linear attacks. We have experimentally verified the distinguishing attack on NORX64 permutation. Although the distinguishing attacks reveal the weakness of the NORX permutation, it does not directly threat the security of the NORX authenticated encryption scheme.
Highlights
Confidentiality and integrity are two main security notions of symmetric-key cryptography
We show that the full NORX64 permutation can be distinguished with 248.5 queries and the full NORX32 permutation can be distinguished with 264.7 queries using carefully crafted differential-linear characteristics
Section, we will start with constructing the linear characteristic and construct the differential characteristic backward to form a differential-linear characteristic for NORX32 permutation
Summary
Confidentiality and integrity are two main security notions of symmetric-key cryptography. Authenticated encryption (AE) or extended authenticated encryption with associated data (AEAD) schemes are widely used to achieve both confidentiality and integrity. The ongoing Competition for Authenticated Encryption: Security, Applicability, and Robustness (CAESAR) [CAE13] is a competition on designing authenticated encryption schemes which are better than current widely-used AE scheme AES-GCM. There are 57 algorithms submitted to the first round of this competition in 2013. In August 2016, 15 algorithms have been selected in the third round. It was submitted to the CAESAR competition, and has been selected as 1 of the 15 third-round candidates. NORX is designed for efficient implementations in both software and hardware. It is an application of the monkeyDuplex construction [BDPA12, BDPA11] which uses a permutation as the underlying primitive to achieve authenticated encryption. NORX supports both 32-bit word size and 64-bit word size, which are denoted as NORX32 and NORX64 respectively
Sign-in/Register to view highlights & summary Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
