COLM under attack: A cryptanalytic exploration of COLM variants

Abstract

Authenticated Encryption with Associated Data (AEAD) schemes have become a powerful solution for addressing contemporary security challenges. Within the recipients of recognition from the CAESAR competition, COLM AEAD emerges as a distinctive focus of interest within the realm of cryptanalysis. It draws significant attention, specifically in the context of endeavors related to universal forgery, retrieval of plaintext, and the exploration of tag guessing attacks. Recently, Ulusoy et al. (JISA 2022) proposed attacks on COLM by constructing simulation models of the encryption or decryption oracles of the underlying block cipher (SEBC or SDBC). To counter these attacks, they also suggested potential enhancements for COLM. Thus, this paper aims to delve into the security aspects of those variants of COLM discussed by Ulusoy et al. (JISA 2022). In this paper, firstly, we construct SEBC and SDBC of COLM with a generalized linear mixing function and propose all three types of attacks using SEBC and SDBC. While Datta et al. (IACR ToSC 2017) previously investigated the INT-RUP security of COLM with a generalized linear mixing function, the construction of SEBC/SDBC for such a scenario remained an open question until now. Additionally, we present a new SEBC/SDBC construction of COLM where the whitening mask $L$ is encrypted using a separate key distinct from the main key. Furthermore, we consider situations where the masking values in the associated data processing are altered, preventing conventional methods like Lu’s (ASIACCS 2017) from recovering $L$. Nevertheless, we propose an alternative method to recover $L$, facilitating cryptanalysis of this particular variant of COLM. This analysis sheds light on the security strengths and vulnerabilities of these variants, offering valuable insights for further advancements in COLM.