Generic Attacks Against Beyond-Birthday-Bound MACs

Leurent, Gaëtan; Nandi, Mridul; Sibleyras, Ferdinand

doi:10.1007/978-3-319-96884-1_11

Cited by 17 publications

(7 citation statements)

References 41 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Open Problem II: In a very recent work of Leurent et al [LNS18], SUM-ECBC, PMAC_Plus, 3kf9, LightMAC_Plus and their reduced keyed-variant have been attacked with the query complexity 2 3n/4 . We believe that all these constructions can also be proven secured upto 2 3n/4 , and hence establishing the tightness of the bound.…”

Section: Discussionmentioning

confidence: 99%

See 1 more Smart Citation

Double-block Hash-then-Sum: A Paradigm for Constructing BBB Secure PRF

Datta

Dutta

Nandi

et al. 2018

ToSC

Self Cite

View full text Add to dashboard Cite

SUM-ECBC (Yasuda, CT-RSA 2010) is the first beyond birthday bound (BBB) secure block cipher based deterministic MAC. After this work, some more BBB secure deterministic MACs have been proposed, namely PMAC_Plus (Yasuda, CRYPTO 2011), 3kf9 (Zhang et al., ASIACRYPT 2012) and LightMAC_Plus (Naito, ASIACRYPT 2017). In this paper, we have abstracted out the inherent design principle of all these BBB secure MACs and present a generic design paradigm to construct a BBB secure pseudo random function, namely Double-block Hash-then- Sum or in short (DbHtS). A DbHtS construction, as the name implies, computes a double block hash on the message and then sum the encrypted output of the two hash blocks. Our result renders that if the underlying hash function meets certain security requirements (namely cover-free and block-wise universal advantage is low), DbHtS construction provides 2n/3-bit security. We demonstrate the applicability of our result by instantiating all the existing beyond birthday secure deterministic MACs (e.g., SUM-ECBC, PMAC_Plus, 3kf9, LightMAC_Plus) as well as a simple two-keyed variant for each of them and some algebraic hash based constructions.

show abstract

Section: Discussionmentioning

confidence: 99%

“…Very recently, Leurent et al [LNS18] have shown attacks on all these constructions with 2 3n/4 query complexity. This raises an interesting future problem to study the tightness of PRF security of these constructions.…”

Section: Our Contributionsmentioning

confidence: 99%

Double-block Hash-then-Sum: A Paradigm for Constructing BBB Secure PRF

Datta

Dutta

Nandi

et al. 2018

ToSC

Self Cite

View full text Add to dashboard Cite

show abstract

“…We do not claim that our observations are novel. Instead, both are applications of [LNS18] and [Men18]. The latter, however, is an information-theoretic distinguisher that uses O( √ n • 2 3n/4 ) queries, but the description by Mennink demands O(2 3n/2 ) offline operations to identify the required pairs.…”

Section: Distinguishers On Tntmentioning

confidence: 99%

Towards Closing the Security Gap of Tweak-aNd-Tweak (TNT)

Guo

List

et al. 2020

Advances in Cryptology – ASIACRYPT 2020

View full text Add to dashboard Cite

show abstract

“…Datta et al [DDNP18] coined the term Double-Block Hash-then-Sum (DbHtS) for this approach in general. Leurent et al [LNS18] proposed generic attacks on DbHtS constructions with a query complexity of O(2 3n/4 ). Very recently, Kim et al [KLL20] showed that the bound of O(2 3n/4 ) queries for DbHtS MACs is tight.…”

Section: Introductionmentioning

confidence: 99%

“…Note that we considered only constructions based on tweakable block ciphers. For example, while the DbHtS constructions [LNS18] are comparable in structure, they are built from classical block ciphers. Since those are weaker primitives, comparing with those constructions would be unfair to our advantage.…”

Section: Introductionmentioning

confidence: 99%

Highly Secure Nonce-based MACs from the Sum of Tweakable Block Ciphers

Choi

Inoue

Lee

et al. 2020

ToSC

View full text Add to dashboard Cite

Tweakable block ciphers (TBCs) have proven highly useful to boost the security guarantees of authentication schemes. In 2017, Cogliati et al. proposed two MACs combining TBC and universal hash functions: a nonce-based MAC called NaT and a deterministic MAC called HaT. While both constructions provide high security, their properties are complementary: NaT is almost fully secure when nonces are respected (i.e., n-bit security, where n is the block size of the TBC, and no security degradation in terms of the number of MAC queries when nonces are unique), while its security degrades gracefully to the birthday bound (n/2 bits) when nonces are misused. HaT has n-bit security and can be used naturally as a nonce-based MAC when a message contains a nonce. However, it does not have full security even if nonces are unique.This work proposes two highly secure and efficient MACs to fill the gap: NaT2 and eHaT. Both provide (almost) full security if nonces are unique and more than n/2-bit security when nonces can repeat. Based on NaT and HaT, we aim at achieving these properties in a modular approach. Our first proposal, Nonce-as-Tweak2 (NaT2), is the sum of two NaT instances. Our second proposal, enhanced Hash-as-Tweak (eHaT), extends HaT by adding the output of an additional nonce-depending call to the TBC and prepending nonce to the message. Despite the conceptual simplicity, the security proofs are involved. For NaT2 in particular, we rely on the recent proof framework for Double-block Hash-then-Sum by Kim et al. from Eurocrypt 2020.

show abstract

Generic Attacks Against Beyond-Birthday-Bound MACs

Cited by 17 publications

References 41 publications

Double-block Hash-then-Sum: A Paradigm for Constructing BBB Secure PRF

Double-block Hash-then-Sum: A Paradigm for Constructing BBB Secure PRF

Towards Closing the Security Gap of Tweak-aNd-Tweak (TNT)

Highly Secure Nonce-based MACs from the Sum of Tweakable Block Ciphers

Contact Info

Product

Resources

About