A MAC forgery attack on SOBER-128

作     者：Watanabe, D Furuya, S Kaneko, T 

作者机构：Hitachi Ltd Syst Dev Lab Yokohama Kanagawa 2440817 Japan Tokyo Univ Sci Noda Chiba 2788510 Japan 

出 版 物：《IEICE TRANSACTIONS ON FUNDAMENTALS OF ELECTRONICS COMMUNICATIONS AND COMPUTER SCIENCES》 (电子信息通信学会汇刊：电子学、通信及计算机科学基础)

年 卷 期：2005年第E88A卷第5期

页      面：1166-1172页

核心收录：

学科分类：0808[工学-电气工程] 0809[工学-电子科学与技术（可授工学、理学学位）] 08[工学] 0812[工学-计算机科学与技术（可授工学、理学学位）] 

主　　题：stream cipher message authentication code authenticated encryption differential cryptanalysis SOBER 

摘      要：SOBER-128 is a stream cipher designed by Rose and Hawkes in 2003. It can be also used for generating Message Authentication Codes (MACs) and an authenticated encryption. The developers claimed that it is difficult to forge MACs generated by both functions of SOBER-128, though, the security assumption in the proposal paper is not realistic in some instances. In this paper, we examine the security of these message authentication mechanisms of SOBER-128 under security channel model. As a result, we show that both a MAC generation and an authenticated encryption are vulnerable against differential cryptanalysis. The success probabilities of the MAC forgery attack are estimated at 2(-6) and 2(-27) respectively. In addition, we show that some secret bits are revealed if a key is used many times.