Revisiting Full-PRF-Secure PMAC and Using It for Beyond-Birthday Authenticated Encryption
نویسندگان
چکیده
This paper proposes an authenticated encryption scheme, called SIVx, that preserves BBB security also without the requirement for nonces. For this purpose, we propose a single-key BBB-secure message authentication code with 2n-bit outputs, called PMAC2x, based on a tweakable block cipher. PMAC2x is motivated by PMAC TBC1k by Naito; we revisit its security proof and point out an invalid assumption. As a remedy, we provide an alternative proof for our construction, and derive a corrected bound for PMAC TBC1k.
منابع مشابه
ZMAC: A Fast Tweakable Block Cipher Mode for Highly Secure Message Authentication
We propose a new mode of operation called ZMAC allowing to construct a (stateless and deterministic) message authentication code (MAC) from a tweakable block cipher (TBC). When using a TBC with n-bit blocks and t-bit tweaks, our construction provides security (as a variable-input-length PRF) beyond the birthday bound with respect to the block-length n and allows to process n + t bits of inputs ...
متن کاملBlockcipher-based MACs: Beyond the Birthday Bound without Message Length
We present blockcipher-based MACs (Message Authentication Codes) that have beyond the birthday bound security without message length in the sense of PRF (Pseudo-Random Function) security. Achieving such security is important in constructing MACs using blockciphers with short block sizes (e.g., 64 bit). Luykx et al. (FSE 2016) proposed LightMAC, the first blockcipher-based MAC with such security...
متن کاملA New Variant of PMAC: Beyond the Birthday Bound
We propose a PMAC-type mode of operation that can be used as a highly secure MAC (Message Authentication Code) or PRF (Pseudo-Random Function). Our scheme is based on the assumption that the underlying n-bit blockcipher is a pseudo-random permutation. Our construction, which we call PMAC Plus, involves extensive modification to PMAC, requiring three blockcipher keys. The PMAC Plus algorithm is ...
متن کاملCounter-in-Tweak: Authenticated Encryption Modes for Tweakable Block Ciphers
We propose the Synthetic Counter-in-Tweak (SCT) mode, which turns a tweakable block cipher into a nonce-based authenticated encryption scheme (with associated data). The SCT mode combines in a SIV-like manner a Wegman-Carter MAC inspired from PMAC for the authentication part and a new counter-like mode for the encryption part, with the unusual property that the counter is applied on the tweak i...
متن کاملArtemia: a family of provably secure authenticated encryption schemes
Authenticated encryption schemes establish both privacy and authenticity. This paper specifies a family of the dedicated authenticated encryption schemes, Artemia. It is an online nonce-based authenticated encryption scheme which supports the associated data. Artemia uses the permutation based mode, JHAE, that is provably secure in the ideal permutation model. The scheme does not require the in...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2016 شماره
صفحات -
تاریخ انتشار 2016