Distinguishing Attack on NORX Permutation

Authors

  • Tao Huang School of Physical and Mathematical Sciences Nanyang Technological University, Singapore, Singapore
  • Hongjun Wu School of Physical and Mathematical Sciences, Nanyang Technological University, Singapore, Singapore; School of Computer Science and Engineering, Nanyang Technological University, Singapore, Singapore

DOI:

https://doi.org/10.13154/tosc.v2018.i1.57-73

Keywords:

NORX, Distinguishing Attack, Differential-Linear Cryptanalysis

Abstract

NORX is a permutation-based authentication scheme which is currently a third-round candidate of the ongoing CAESAR competition. The security bound of NORX is derived from the sponge construction applied to an ideal underlying permutation. In this paper, we show that the NORX core permutation is non-ideal with a new distinguishing attack. More specifically, we can distinguish NORX64 permutation with 248.5 queries and distinguish NORX32 permutation with 264.7 queries using carefully crafted differential-linear attacks. We have experimentally verified the distinguishing attack on NORX64 permutation. Although the distinguishing attacks reveal the weakness of the NORX permutation, it does not directly threat the security of the NORX authenticated encryption scheme.

Downloads

Published

2018-03-01

How to Cite

Huang, T., & Wu, H. (2018). Distinguishing Attack on NORX Permutation. IACR Transactions on Symmetric Cryptology, 2018(1), 57–73. https://doi.org/10.13154/tosc.v2018.i1.57-73

Issue

Volume 2018, Issue 1

Section

Articles

License

Copyright (c) 2018 Tao Huang, Hongjun Wu

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.