Practical Attacks on Full-round FRIET

Authors

  • Senpeng Wang State Key Laboratory of Cryptology, Beijing, China; Information Engineering University, Zhengzhou, China
  • Dengguo Feng State Key Laboratory of Cryptology, Beijing, China
  • Bin Hu Information Engineering University, Zhengzhou, China
  • Jie Guan Information Engineering University, Zhengzhou, China
  • Tairong Shi Information Engineering University, Zhengzhou, China

DOI:

https://doi.org/10.46586/tosc.v2022.i4.105-119

Keywords:

FRIET, Authenticated Encryption, Differential Attack, Linear Attack, Fault Injection

Abstract

FRIET is a duplex-based authenticated encryption scheme proposed at EUROCRYPT 2020. It follows a novel design approach for built-in countermeasures against fault attacks. By a judicious choice of components, the designers propose the permutation FRIET-PC that can be used to build an authenticated encryption cipher denoted as FRIET-AE. And FRIET-AE provides a 128-bit security claim for integrity and confidentiality. In this paper, we research the propagation of pairs of differences and liner masks through the round function of FRIET-PC. For the full-round FRIET-PC, we can construct a differential distinguisher whose probability is 1 and a linear distinguisher whose absolute value of correlation is 1. Moreover, we use the differential distinguisher with probability 1 to construct a set consisting of valid tags and ciphertexts which are not created by legal users. This breaks FRIET-AE’s security claim for integrity and confidentiality. As far as we know, this is the first practical attack that threatens the security of FRIET-AE.

Downloads

Published

2022-12-07

How to Cite

Wang, S., Feng, D., Hu, B., Guan, J., & Shi, T. (2022). Practical Attacks on Full-round FRIET. IACR Transactions on Symmetric Cryptology, 2022(4), 105–119. https://doi.org/10.46586/tosc.v2022.i4.105-119

Issue

Section

Articles