对认证加密算法AES-OTR的伪造攻击

FORGING ATTACKS ON AUTHENTICATED ENCRYPTION ALGORITHM AES-OTR

AES-OTR算法是CAESAR竞赛中的一个竞选算法,CAESAR竞赛是2014年在国际密码协会IACR主办下由日本发起面向全球的征集认证加密算法的竞赛活动。AES-OTR凭借自身独特的优点顺利进入了第三轮的筛选,该算法加密和认证都是基于分组密码AES。但是AES-OTR加密时各块的相对独立性以及简单的标签产生方法,使得存在有效的伪造攻击方法。针对该算法的这些缺点,提出在已知明文条件下,当关联数据和公共消息数重用时对AES-OTR的伪造攻击方法,同时证明了伪造方法的有效性,并且计算了伪造方法成功的概率。

AES-OTR algorithm is a campaign of CAESAR competition, the competition is sponsored by the international cryptography Association IACR and launched by Japan in order to collect authentication and encryption algorithm to the whole world. AES-OTR has successfully entered the third round of screening by virtue of its unique advantages. Encryption and authentication of AES-OTR algorithm are all based on block cipher AES. But the relative independence of each block and label generation method is relatively simple make AES-OTR exists effective methods of forgery attack. For the disadvantages of this algorithm,this paper shows forgery attack on AES-OTR in the known plaintext conditions and association data and public message number are reused. At the same time,the validity of the methods is proved,and the probability of the success of the method is calculated.