Biblio

This paper analyzes the authenticated encryption algorithm ACORN, a candidate in the CAESAR cryptographic competition. We identify weaknesses in the state update function of ACORN which result in collisions in the internal state of ACORN. This paper shows that for a given set of key and initialization vector values we can construct two distinct input messages which result in a collision in the ACORN internal state. Using a standard PC the collision can be found almost instantly when the secret key is known. This flaw can be used by a message sender to create a forged message which will be accepted as legitimate.

π-Cipher is one of the twenty-nine candidates in the second round of the CAESAR competition for authenticated ciphers. π-Cipher uses a parallel sponge construction, based upon an ARX permutation. This work shows several state recovery attacks, on up to three rounds. These attacks use known values in the function's bitrate, combined with values found through exhaustive search, to retrieve the remaining values in the internal state. These attacks can break one round, for any variant of π-Cipher, in negligible time. They can also break two or three rounds much faster than exhaustive search on the key, for some variants. However, these attacks only work against version 1 of π-Cipher, due to the differences in the padding function for version 2.0. To fill this gap, this work also includes a one round attack against version 2.0, building upon the distinguisher present in the π-Cipher submission document.