Attacks and Security Proofs of EAX-Prime ⋆
2013
\(\text {EAX}'\) (or EAX-prime) is an authenticated encryption (AE) specified by ANSI C12.22 as a standard security function for Smart Grid. \(\text {EAX}'\) is based on EAX proposed by Bellare, Rogaway, and Wagner. While EAX has a proof of security based on the pseudorandomness of the internal blockcipher, no published security result is known for \(\text {EAX}'\). This paper studies the security of \(\text {EAX}'\) and shows that there is a sharp distinction in security of \(\text {EAX}'\) depending on the input length. \(\text {EAX}'\) encryption takes two inputs, called cleartext and plaintext, and we present various efficient attacks against \(\text {EAX}'\) using single-block cleartext and plaintext. At the same time we prove that if cleartexts are always longer than one block, it is provably secure based on the pseudorandomness of the blockcipher.
Keywords:
- Correction
- Source
- Cite
- Save
- Machine Reading By IdeaReader
16
References
11
Citations
NaN
KQI