IACR News item: 04 August 2025
Nick Aquina, Simon Rommel, Idelfonso Tafur Monroy
ePrint Report
Cascader has been introduced as a new key exchange protocol based on iterative multiplicative recurrence. This short note presents a practical shared key recovery attack on the Cascader key exchange protocol. This note also shows that Cascader as a hash function is not collision resistant, presents a new upper bound on the output space of Cascader and shows that a Cascader-based KDF is not secure against an Adaptive Chosen Public Inputs Attack (CPM).
Additional news items may be found on the IACR news page.