A Keyed Sponge Construction with Pseudorandomness in the Standard Model
Abstract
The sponge construction, designed by Bertoni, Daemen, Peeters, and Van Assche, is the framework for hash functions such as Keccak, PHOTON, Quark, and spongent. The designers give a keyed sponge construction by prepending the message with the key and prove a bound on its pseudorandomness in the ideal permutation model. In this paper we give a different keyed sponge construction that is based on the Even-Mansour permutation and prove its pseudorandomness in the standard model.
Similar resources
Security of Keyed Sponge Constructions Using a Modular Proof Approach
Sponge functions were originally proposed for hashing, but find increasingly more applications in keyed constructions, such as encryption and authentication. Depending on how the key is used we see two main types of keyed sponges in practice: inner- and outer-keyed. Earlier security bounds, mostly due to the well-known sponge indifferentiability result, guarantee a security level of c/2 bits wi...
Security of Full-State Keyed and Duplex Sponge: Applications to Authenticated Encryption
We provide a security analysis for full-state keyed Sponge and full-state Duplex constructions. Our results can be used for making a large class of Sponge-based authenticated encryption schemes more efficient by concurrent absorption of associated data and message blocks. In particular, we introduce and analyze a new variant of SpongeWrap with almost free authentication of associated data. The ...
Security of Full-State Keyed Sponge and Duplex: Applications to Authenticated Encryption
We provide a security analysis for full-state keyed Sponge and full-state Duplex constructions. Our results can be used for making a large class of Sponge-based authenticated encryption schemes more efficient by concurrent absorption of associated data and message blocks. In particular, we introduce and analyze a new variant of SpongeWrap with almost free authentication of associated data. The ...
On the security of the keyed sponge construction
The advantage in differentiating the sponge construction from a random oracle is upper bounded by $N^2 2^{-(c+1)}$, with N the number of calls to the underlying transformation or permutation and c the capacity, resulting in an expected time complexity of N ∼ 2. In this paper we prove that the advantage in distinguishing a keyed sponge from a random oracle is much smaller in typical use cases. In parti...
Tight Bounds for Keyed Sponges and Truncated CBC
We prove (nearly) tight bounds on the concrete PRF-security of two constructions of message-authentication codes (MACs): (1) The truncated CBC-MAC construction, which operates as plain CBC-MAC (without prefix-free encoding of messages), but only returns a subset of the output bits. (2) The MAC derived from the sponge hash-function family by pre-pending a key to the message, which is the de-fact...