Cryptology ePrint Archive: Report 2016/1174
Revisiting Full-PRF-Secure PMAC and Using It for Beyond-Birthday Authenticated Encryption
Eik List and Mridul Nandi
Abstract: This paper proposes an authenticated encryption scheme, called SIVx, that preserves BBB security also in the case of unlimited nonce reuses. For this purpose, we propose a single-key BBB-secure message authentication code with 2n-bit outputs, called PMAC2x, based on a tweakable block cipher. PMAC2x is motivated by PMAC_TBC1k by Naito; we revisit its security proof and point out an invalid assumption. As a remedy, we provide an alternative proof for our construction, and derive a corrected bound for PMAC_TBC1k.
Category / Keywords: secret-key cryptography / message authentication codes, authenticated encryption, provable security
Original Publication (with major differences): CT-RSA 2017
Date: received 21 Dec 2016, last revised 9 Mar 2017
Contact author: eik list at uni-weimar de
Note: Revised the padding method in PMACx and PMAC2x to always append a 10^* padding to the input. Revised the definition of PMAC2x in for processing both associated data and message in SIVx, and added an injective encoding.
Version: 20170309:094845
Short URL: ia.cr/2016/1174