QARMAGEDDON competition

Roberto Avanzi

Aug 1, 2023, 6:45:24 AM
to lwc-forum
Dear Lightweighters,

it is time for me to spam the list and announce a new competition. As you remember, Qameleon (a combination of QARMA with a mode of operation) did not pass Round 1, most likely not because of the typo in the mode but because memory encryption is not entirely in the scope of the NIST LWC competition. However, we believe that the cipher is solid and we teamed up to design a revised version: QARMAv2, which all of you know from the ePrint https://eprint.iacr.org/2023/929. Please consider the most recent version, as it includes a new S-Box.

We are also announcing a competition to cryptanalyse it, the

*** QARMAGEDDON Competition ***

STATUTE.
 
Goal: Break as many rounds as possible of QARMAv2-64 and QARMAv2-128.
 
Important Dates:
      Beginning: Web site with more info up soon, but you can start right now!
      Deadline: February 25th, 2024, i.e. one month before FSE 2024 - the idea is to announce at the Rump Session, if the Chairs permit.

Jury:
- Roberto Avanzi (Chair, Arm Architecture and Technology Group, Munich, Germany and Caesarea Rothschild Institute, Haifa, Israel)
- Orr Dunkelman (University of Haifa, Israel)
- Maria Eichlseder (Graz University of Technology, Austria)
- Francesco Regazzoni (University of Amsterdam, The Netherlands and Università della Svizzera Italiana, Lugano, Switzerland), and
- Hugo Vincent (Arm Architecture and Technology Group, Cambridge, UK).

Two categories: QARMAv2-64 and QARMAv2-128. A single submission can apply to one or both categories.

Cryptanalytic techniques: Any type of classical cryptanalysis allowed. Quantum-computer assisted cryptanalysis is out of scope.

Format of submission:  Submissions are not required to be anonymous.
They should be formatted in the form of an academic paper.
Use the unmodified IACR ToSC/ToCHES format, please do not exceed the length of a "normal paper" (20 pages before Bibliography and appendices).
We will announce in due time how to submit.
 
Jackpot: 10K (ten thousand) USD, sponsored by Arm, to be divided among the prize winners as determined by the Jury.
 
Criteria for prize giving:
1. Number of rounds broken, counted as S-Box layers, provided the security margins claimed in the paper are broken,
2. For the same number of rounds, including the central construction and at least one round per side, and then
3. Time * Data product or Time * Memory whichever is greater. Time includes offline computations.

Important: By submitting an attack to the competition, the authors agree to guarantee the Jury and their coauthors in https://eprint.iacr.org/2023/929 and any follow-up paper on the subject of QARMA the right to cite their submission, link to it, and attach it in the form of separate documents as supplementary supporting documentation to any standardisation proposal. Attachment may be necessary in case the attack is not published in the meantime. No authorship modification will be requested from the Jury, in other words citing/linking and attaching as supplementary supporting documentation will be performed following highest academic ethical principles. The Jury may propose some editorial changes. In case the analysis should require a change in the design, authors of the analysis that prompted the change may or may not be asked to join the standardisation proposal team. We will try to be as inclusive and open as possible. However, any proposed change to the design shall follow the same criteria as in QARMA and QARMAv2, namely that the resulting design shall be released in the public domain, with no patents intersecting it, and the corresponding source code be made available under a BSD 3-clause license or compatible.

Usual conflicts of interest: People from the universities and companies involved in the Jury at the moment of this announcement cannot participate. However, we do not exclude collaborators of recent papers. There will be the usual legal constraints about people from certain countries to which we may not be able to pay monetary prizes or deliver goods (if they want, they are participating only for glory and fame: we are very sorry, but politics often interferes). Such constraints will be announced in a timely manner.

Disclaimer 1: All jury decisions are final, and the Jury reserves the right to award only part of the jackpot or no prize if no sufficiently good attacks are submitted.
Disclaimer 2: Any part of the above statute is subject to changes that are effective at the moment they are announced. Any change will supersede the previous version and make it null and void.

Happy analysing!

 Roberto Avanzi