Paper 2013/792

Improved Authenticity Bound of EAX, and Refinements

Kazuhiko Minematsu, Stefan Lucks, and Tetsu Iwata

Abstract

EAX is a mode of operation for blockciphers that implements authenticated encryption. The original EAX paper proved that EAX is unforgeable up to data with one verification query. However, this in general guarantees only a rather weak bound for unforgeability under multiple verification queries, i.e., only data is acceptable. This paper improves on the previous security proof by showing that EAX is unforgeable up to data with multiple verification queries. Our security proof is based on techniques that appeared in a paper at FSE 2013 by Minematsu et al., which studied the security of a variant of EAX called EAX-prime. We also provide some ideas to reduce the complexity of EAX while keeping our new security bound. In particular, EAX needs three blockcipher calls whose outputs are kept in memory as pre-processing, and our proposals effectively reduce these three calls to one. This would be useful when computational power and memory are constrained.

Note: This is the full version of a paper that appeared at Provable Security 2013, 7th International Conference, ProvSec 2013, Melaka, Malaysia, October 23-25, 2013.

Metadata

Available format(s): PDF
Category: Secret-key cryptography
Publication info: Published elsewhere. Major revision. Provable Security (ProvSec) 2013
DOI: 10.1007/978-3-642-41227-1
Keywords: Authenticated encryption, EAX, security bound
Contact author(s): k-minematsu @ ah jp nec com
History: 2013-11-30: received
Short URL: https://ia.cr/2013/792
License: Creative Commons Attribution (CC BY)

BibTeX

@misc{cryptoeprint:2013/792,
      author = {Kazuhiko Minematsu and Stefan Lucks and Tetsu Iwata},
      title = {Improved Authenticity Bound of {EAX}, and Refinements},
      howpublished = {Cryptology {ePrint} Archive, Paper 2013/792},
      year = {2013},
      doi = {10.1007/978-3-642-41227-1},
      url = {https://eprint.iacr.org/2013/792}
}