SOBER-128 is a stream cipher designed by Rose and Hawkes in 2003. It can also be used for generating Message Authentication Codes (MACs) and an authenticated encryption. The developers claimed that it is difficult to forge MACs generated by both functions of SOBER-128, though the security assumption in the proposal paper is not realistic in some instances. In this paper, we examine the security of these message authentication mechanisms of SOBER-128 under the security channel model. As a result, we show that both a MAC generation and an authenticated encryption are vulnerable to differential cryptanalysis. The success probabilities of the MAC forgery attack are estimated at $2^{-6}$ and $2^{-27}$ respectively. In addition, we show that some secret bits are revealed if a key is used many times.
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Dai WATANABE, Soichi FURUYA, Toshinobu KANEKO, "A MAC Forgery Attack on SOBER-128" in IEICE TRANSACTIONS on Fundamentals,
vol. E88-A, no. 5, pp. 1166-1172, May 2005, doi: 10.1093/ietfec/e88-a.5.1166.
URL: https://global.ieice.org/en_transactions/fundamentals/10.1093/ietfec/e88-a.5.1166/_p
@ARTICLE{e88-a_5_1166,
author={Dai WATANABE and Soichi FURUYA and Toshinobu KANEKO},
journal={IEICE TRANSACTIONS on Fundamentals},
title={A MAC Forgery Attack on SOBER-128},
year={2005},
volume={E88-A},
number={5},
pages={1166-1172},
abstract={SOBER-128 is a stream cipher designed by Rose and Hawkes in 2003. It can also be used for generating Message Authentication Codes (MACs) and an authenticated encryption. The developers claimed that it is difficult to forge MACs generated by both functions of SOBER-128, though the security assumption in the proposal paper is not realistic in some instances. In this paper, we examine the security of these message authentication mechanisms of SOBER-128 under the security channel model. As a result, we show that both a MAC generation and an authenticated encryption are vulnerable to differential cryptanalysis. The success probabilities of the MAC forgery attack are estimated at $2^{-6}$ and $2^{-27}$ respectively. In addition, we show that some secret bits are revealed if a key is used many times.},
keywords={},
doi={10.1093/ietfec/e88-a.5.1166},
ISSN={},
month={May},}
TY - JOUR
TI - A MAC Forgery Attack on SOBER-128
T2 - IEICE TRANSACTIONS on Fundamentals
SP - 1166
EP - 1172
AU - Dai WATANABE
AU - Soichi FURUYA
AU - Toshinobu KANEKO
PY - 2005
DO - 10.1093/ietfec/e88-a.5.1166
JO - IEICE TRANSACTIONS on Fundamentals
SN -
VL - E88-A
IS - 5
JA - IEICE TRANSACTIONS on Fundamentals
Y1 - May 2005
AB - SOBER-128 is a stream cipher designed by Rose and Hawkes in 2003. It can also be used for generating Message Authentication Codes (MACs) and an authenticated encryption. The developers claimed that it is difficult to forge MACs generated by both functions of SOBER-128, though the security assumption in the proposal paper is not realistic in some instances. In this paper, we examine the security of these message authentication mechanisms of SOBER-128 under the security channel model. As a result, we show that both a MAC generation and an authenticated encryption are vulnerable to differential cryptanalysis. The success probabilities of the MAC forgery attack are estimated at $2^{-6}$ and $2^{-27}$ respectively. In addition, we show that some secret bits are revealed if a key is used many times.
ER -