Paper 2008/090
Improving upon HCTR and matching attacks for Hash-Counter-Hash approach
Mridul Nandi
Abstract
McGrew and Fluhrer first proposed hash-counter-hash approach to encrypt arbitrary length messages. By its nature, counter can handle incomplete message blocks as well as complete message blocks in the same manner. HCTR is the till date best (in terms of efficiency) strong pseudo random permutation or SPRP among all known counter based SPRPs. But as of now, a cubic bound for HCTR is known. Moreover, all invocations of underlying block ciphers can not be made in parallel. Our new proposal (we call it HMC or Hash Modified Counter) provides a quadratic security bound and all block cipher invocations are parallel in nature even if we have an incomplete message block. We also present a prp-distinguishing attack on a generic counter based encryption, which makes $q$ non-adaptive encryption queries consisting of $(\ell+1)$ $n$-bit blocks and has success probability roughly $\ell^2q^2/2^n$. Loosely speaking, the success probability matches with the upper bound of distinguishing probability. As a result, we prove that the known quadratic bounds for XCB, HCH and HMC are tight.
Metadata
- Available format(s)
- Category
- Secret-key cryptography
- Publication info
- Published elsewhere. Unknown where it was published
- Contact author(s)
- mridul nandi @ gmail com
- History
- 2008-02-28: received
- Short URL
- https://ia.cr/2008/090
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2008/090, author = {Mridul Nandi}, title = {Improving upon {HCTR} and matching attacks for Hash-Counter-Hash approach}, howpublished = {Cryptology {ePrint} Archive, Paper 2008/090}, year = {2008}, url = {https://eprint.iacr.org/2008/090} }