Observations on the Security of COMET. (22nd May 2021)
- Record Type:
- Journal Article
- Title:
- Observations on the Security of COMET. (22nd May 2021)
- Main Title:
- Observations on the Security of COMET
- Authors:
- Xu, Zheng
Li, Yongqiang
Wang, Mingsheng
- Abstract:
- This paper investigates the security of counter mode encryption with authentication tag (COMET), one of the 32 second-round candidates in National Institute of Standards and Technology's lightweight cryptography standardization process, against differential cryptanalysis. CHAM-64/128 is a block cipher chosen as one of the underlying block ciphers in COMET for hardware-oriented applications, and a differential characteristic with a high probability for CHAM-64/128 is useful for forgery attacks on COMET. However, we find that the optimal 39-round differential characteristic for CHAM-64/128 proposed by Roh et al., which is the longest differential characteristic of CHAM-64/128, is invalid. Then, we propose a new method of distinguishing an $m$-bit block cipher from an $m$-bit random permutation using a differential characteristic with a probability not higher than $2^{-m}$. Using our method, we use two 39-round differential characteristics with a probability of $2^{-64}$ for CHAM-64/128 to distinguish 39-round-reduced CHAM-64/128 from a 64-bit random permutation, respectively. Furthermore, we refine the probabilities of two differentials with the same input and output differential masks as the two 39-round differential characteristics, respectively. Finally, we present the first forgery attacks on COMET with the two differentials without using weak keys. Our forgery attacks follow the nonce-misuse scenario. It should be noticed that this attack does not invalidate the security claims of the designers. …
- Is Part Of:
- Computer journal. Volume 65:Number 9(2022)
- Journal:
- Computer journal
- Issue:
- Volume 65:Number 9(2022)
- Issue Display:
- Volume 65, Issue 9 (2022)
- Year:
- 2022
- Volume:
- 65
- Issue:
- 9
- Issue Sort Value:
- 2022-0065-0009-0000
- Page Start:
- 2247
- Page End:
- 2261
- Publication Date:
- 2021-05-22
- Subjects:
- differential cryptanalysis -- differential probability -- COMET -- CHAM-64/128
Computers -- Periodicals
005.1
- Journal URLs:
- http://comjnl.oxfordjournals.org/
http://ukcatalogue.oup.com/
- DOI:
- 10.1093/comjnl/bxab061
- Languages:
- English
- ISSNs:
- 0010-4620
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 3394.060000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 24231.xml