<![CDATA[This study evaluates and verifies the cryptanalysis of Peyrin \textit{et al.} on the SIMON-JAMBU64/96 Authenticated Encryption (AE) scheme, with the aim of extending the attack to a reduced number of tuples. We adopt both formal analysis and experimental validation, constructing collision-based distinguishers under a chosen-IV model and testing them with a decryption oracle. The main contribution is the demonstration that a distinguishing attack can be performed with just two tuples, showing that JAMBU is more vulnerable than previously assumed. We provide a detailed comparison of data complexity, where the two-tuple attack achieves a lower cost in the second phase ($4 \cdot 2^{48}$ queries) than the three-tuple attack ($6 \cdot 2^{48}$), at the expense of extra verification effort in the third phase. Overall, our results confirm that the SIMON-JAMBU64/96 scheme is susceptible to distinguishing, plaintext forgery, and plaintext-recovery attacks, thereby reaffirming and extending the findings of Peyrin \textit{et al.} to scenarios with more limited adversarial resources.]]>
Copyrights © 2025
