In the preproceedings version of the POET paper from FSE 2014, a simple ciphertext forgery attack by [Guo-Jean-Peyrin-Wang]1) was possible using a single known ciphertext/tag pair, provided that the message consists of at least 3 blocks. The attack was facilitated by an incorrect formulation of POET in the preproceedings version, as Stefan Lucks pointed out in this discussion on the Cryptographic Competitions group, and it is no longer applicable to the CAESAR candidate POET.

| Type | Number of Queries | Reference | Comment |
|---|---|---|---|
| Forgery | 1 | Guo, Jean, Peyrin and Lei 1) | Applied to FSE pre-proceedings version |