Tightness of the Suffix Keyed Sponge Bound

Authors

  • Christoph Dobraunig Graz University of Technology, Graz, Austria; Radboud University, Nijmegen, The Netherlands
  • Bart Mennink Radboud University, Nijmegen, The Netherlands

DOI:

https://doi.org/10.46586/tosc.v2020.i4.195-212

Keywords:

generic attacks, symmetric cryptography, permutation-based cryptography, SuKS

Abstract

Generic attacks are a vital ingredient in the evaluation of the tightness of security proofs. In this paper, we evaluate the tightness of the suffix keyed sponge (SuKS) bound. As its name suggests, SuKS is a sponge-based construction that absorbs the key after absorbing the data, but before producing an output. This absorption of the key can be done via an easy to invert operation, like an XOR, or a hard to invert operation, like a PRF. Using SuKS with a hard to invert absorption provides benefits with respect to its resistance against side-channel attacks, and such a construction is used as part of the authenticated encryption scheme Isap. We derive two key recovery attacks against SuKS with easy to invert key absorption, and a forgery in case of hard to invert key absorption. The attacks closely match the terms in the PRF security bound of SuKS by Dobraunig and Mennink, ToSC 2019(4), and therewith show that these terms are justified, even if the function used to absorb the key is a PRF, and regardless of whether SuKS is used as a PRF or a MAC.

Downloads

Published

2020-12-10

How to Cite

Dobraunig, C., & Mennink, B. (2020). Tightness of the Suffix Keyed Sponge Bound. IACR Transactions on Symmetric Cryptology, 2020(4), 195–212. https://doi.org/10.46586/tosc.v2020.i4.195-212

Issue

Volume 2020, Issue 4

Section

Articles

License

Copyright (c) 2020 Christoph Dobraunig, Bart Mennink

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.