Subject: POETic update
From: Stefan.Lucks@uni-weimar.de
Date: Wed, 16 Apr 2014 14:32:02 +0200 (CEST)
To: CAESAR mailing list
Message-ID:
User-Agent: Alpine 2.10 (DEB 1266 2009-07-14)

Dear all,

thanks to Mohamed Ahmed Abdelraheem, Andrey Bogdanov and Elmar Tischhauser, who applied the observations of Cid and Procter to POET and thus, concretized the risk of weak keys when using a multiplication in GF(2^{128}) for hashing. Thanks also for the comments by Markku Saarinen on the mailing list.

When we designed POET, we started with two variants using 4-round AES and full-AES as a universal hash function. We considered it interesting to amend these two with a third variant using Galois-Field multiplication for the same purpose, but we failed to properly research the risk of weak keys for that case. As it turned out, the weak key probability is too high to use that variant of POET with any comfort.

Therefore, we withdraw the POET variant with Galois-Field multiplications. We maintain our support for the variants with 4-round AES and full AES.

An updated version of POET (1.2) can be found at
+

Best Regards,

The POET Team

------ I love the taste of Cryptanalysis in the morning! ------
--Stefan.Lucks (at) uni-weimar.de, Bauhaus-Universität Weimar, Germany--