A MAC Forgery Attack on SOBER-128

Dai WATANABE  Soichi FURUYA  Toshinobu KANEKO  

IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences   Vol.E88-A   No.5   pp.1166-1172
Publication Date: 2005/05/01
Online ISSN: 
DOI: 10.1093/ietfec/e88-a.5.1166
Print ISSN: 0916-8508
Type of Manuscript: Special Section PAPER (Special Section on Discrete Mathematics and Its Applications)
stream cipher,  message authentication code,  authenticated encryption,  differential cryptanalysis,  SOBER,  

Full Text: PDF>>
Buy this Article

SOBER-128 is a stream cipher designed by Rose and Hawkes in 2003. It can be also used for generating Message Authentication Codes (MACs) and an authenticated encryption. The developers claimed that it is difficult to forge MACs generated by both functions of SOBER-128, though, the security assumption in the proposal paper is not realistic in some instances. In this paper, we examine the security of these message authentication mechanisms of SOBER-128 under security channel model. As a result, we show that both a MAC generation and an authenticated encryption are vulnerable against differential cryptanalysis. The success probabilities of the MAC forgery attack are estimated at 2-6 and 2-27 respectively. In addition, we show that some secret bits are revealed if a key is used many times.