Avalanche Effect in Improperly Initialized CAESAR Candidates
Martin Ukrop, Petr Švenda

TL;DR
This paper investigates the lack of an adequate avalanche effect in CAESAR competition candidates' authentication tags, highlighting usability issues that could lead to security vulnerabilities due to misconfiguration.
Contribution
It provides the first comprehensive analysis of avalanche effects in CAESAR candidates, revealing significant usability flaws in their security design.
Findings
None of the 52 CAESAR candidates exhibit an avalanche effect in authentication tags strong enough to work properly when partially misconfigured.
The lack of avalanche effect suggests potential security usability issues in these cryptographic primitives.
The study emphasizes the importance of usability features in cryptographic design.
Abstract
Cryptoprimitives rely on thorough theoretical background, but often lack basic usability features making them prone to unintentional misuse by developers. We argue that this is true even for the state-of-the-art designs. Analyzing 52 candidates of the current CAESAR competition has shown none of them have an avalanche effect in authentication tag strong enough to work properly when partially misconfigured. Although not directly decreasing their security profile, this hints at their security usability being less than perfect. Paper details available at crcs.cz/papers/memics2016
