Investigation of Some Attacks on GAGE (v1), InGAGE (v1), (v1. 03), and CiliPadi (v1) Variants

Q: How can I download an article?

To download an article from SID, first log in to the site, search for the article title, and click on the 'Download Article' option.

Q: How can I download an ISI article?

To download an ISI article on SID, enter the keyword or article title in the search bar, view the relevant results, click on the desired article, and select the 'Download Article' option.

Q: How can I access the SID database?

To access the SID database, visit SID.ir, create an account, and log in to access scientific resources.

Q: Is downloading articles from SID free?

Some articles on SID are available for free, while others require payment. Details are specified on the article's page.

M. Niknam Majid; Sadeghi Sadegh; AREF MOHAMMAD REZA; BAGHERI NASOUR

مرکز اطلاعات علمی Scientific Information Database (SID) - Trusted Source for Research and Academic Resources

Journal Paper

Paper Information

Journal: THE ISC INTERNATIONAL JOURNAL OF INFORMATION SECURITY Year:2020 | Volume:12 | Issue:1 Page(s): 13-23

Download Full-Text

Persian Verion

View:

568

Download:

169

Cites:

Information Journal Paper

Title

Investigation of Some Attacks on GAGE (v1), InGAGE (v1), (v1. 03), and CiliPadi (v1) Variants

Author(s)

M. Niknam Majid | Sadeghi Sadegh | AREF MOHAMMAD REZA | BAGHERI NASOUR | Issue Writer Certificate

Keywords

NIST lightweight cryptography competitionQ1

Preimage attackQ1

IntegrityQ1

ConfidentialityQ1

Key recoveryQ1

MILPQ1

Abstract

In this paper, we present some attacks on GAGE, InGAGE, and CiliPadi, which are candidates of the first round of the NIST-LWC competition. GAGE and InGAGE are lightweight sponge based hash function and Authenticated Encryption with Associated Data (AEAD), respectively, and support different sets of parameters. The length of hash, key, and tag are always 256, 128, and 128 bits, respectively. We show that the security bounds for some variants of its hash and AEAD are less than the designers’ claims. For example, the designers’ security claim of the Preimage attack for a hash function when the rate is 128 bits, and the capacity is 256 bits, is 2256. However, we show that the security of preimage for this parameter set is 2128. Also, the designer claimed security of Confidentiality for an AEAD, when the rate is 8 bits, and the capacity is 224 bits, is 2116. However, we show the security of Confidentiality for it is 2112. We also investigate the structure of the permutation used in InGAGE and present an attack to recover the key for reduced rounds of a variant of InGAGE. In an instance of AEAD of InGAGE, when the rate is 8 bits and the capacity is 224 bits, we recover the key when the number of the composition of the main permutation with itself, i. e., r1, is less than 8. We also show that CiliPadi is vulnerable to the length extension attack by presenting concrete examples of forged messages.

Cites

No record.

References

No record.

Cite

APA: Copy

M. Niknam, Majid, Sadeghi, Sadegh, AREF, MOHAMMAD REZA, & BAGHERI, NASOUR. (2020). Investigation of Some Attacks on GAGE (v1), InGAGE (v1), (v1. 03), and CiliPadi (v1) Variants. THE ISC INTERNATIONAL JOURNAL OF INFORMATION SECURITY, 12(1 ), 13-23. SID. https://sid.ir/paper/400242/en

Vancouver: Copy

M. Niknam Majid, Sadeghi Sadegh, AREF MOHAMMAD REZA, BAGHERI NASOUR. Investigation of Some Attacks on GAGE (v1), InGAGE (v1), (v1. 03), and CiliPadi (v1) Variants. THE ISC INTERNATIONAL JOURNAL OF INFORMATION SECURITY[Internet]. 2020;12(1 ):13-23. Available from: https://sid.ir/paper/400242/en

IEEE: Copy

Majid M. Niknam, Sadegh Sadeghi, MOHAMMAD REZA AREF, and NASOUR BAGHERI, “Investigation of Some Attacks on GAGE (v1), InGAGE (v1), (v1. 03), and CiliPadi (v1) Variants,” THE ISC INTERNATIONAL JOURNAL OF INFORMATION SECURITY, vol. 12, no. 1 , pp. 13–23, 2020, [Online]. Available: https://sid.ir/paper/400242/en

Related Journal Papers