The Design of Rijndael
Blind differential cryptanalysis for enhanced power attacks
SAC'06 Proceedings of the 13th international conference on Selected areas in cryptography
On the internal structure of ALPHA-MAC
VIETCRYPT'06 Proceedings of the First international conference on Cryptology in Vietnam
A new MAC construction alred and a specific instance ALPHA-MAC
FSE'05 Proceedings of the 12th international conference on Fast Software Encryption
A side-channel analysis resistant description of the AES s-box
FSE'05 Proceedings of the 12th international conference on Fast Software Encryption
Cache attacks and countermeasures: the case of AES
CT-RSA'06 Proceedings of the 2006 The Cryptographers' Track at the RSA conference on Topics in Cryptology
An AES smart card implementation resistant to power analysis attacks
ACNS'06 Proceedings of the 4th international conference on Applied Cryptography and Network Security
An efficient masking scheme for AES software implementations
WISA'05 Proceedings of the 6th international conference on Information Security Applications
Multiple-Differential Side-Channel Collision Attacks on AES
CHES '08 Proceeding sof the 10th international workshop on Cryptographic Hardware and Embedded Systems
CHES '09 Proceedings of the 11th International Workshop on Cryptographic Hardware and Embedded Systems
Towards Secure and Practical MACs for Body Sensor Networks
INDOCRYPT '09 Proceedings of the 10th International Conference on Cryptology in India: Progress in Cryptology
Revisiting the security of the ALRED design
ISC'10 Proceedings of the 13th international conference on Information security
Hi-index | 0.00 |
Message Authentication Code construction Alred and its AES-based instance Alpha-MAC were introduced by Daemen and Rijmen in 2005. We show that under certain assumptions about its implementation (namely that keyed parts are perfectly protected against side-channel attacks but bulk hashing rounds are not) one can efficiently attack this function. We propose a side-channel collision attack on this MAC recovering its internal state just after 29 measurements in the known-message scenario which is to be compared to 40 measurements required by collision attacks on AES in the chosen-plaintext scenario. Having recovered the internal state, we mount a selective forgery attack using new 4 to 1 round collisions working with negligible memory and time complexity.