Related-Key Forgeries for Prøst-OTR
[chapter]
2015
Lecture Notes in Computer Science
We present a forgery attack on Prøst-OTR in a related-key setting. Prøst is a family of authenticated encryption algorithms proposed as candidates in the currently ongoing CAESAR competition, and Prøst-OTR is one of the three variants of the Prøst design. The attack exploits how the Prøst permutation is used in an Even-Mansour construction in the Feistel-based OTR mode of operation. Given the ciphertext and tag for any two messages under two related keys K and K ⊕ ∆ with related nonces, we can
doi:10.1007/978-3-662-48116-5_14
fatcat:lxzfusctkndbjnraetol2jeegi