Paper 2016/1174
Revisiting Full-PRF-Secure PMAC and Using It for Beyond-Birthday Authenticated Encryption
Eik List and Mridul Nandi
Abstract
This paper proposes an authenticated encryption scheme, called SIVx, that preserves BBB security also in the case of unlimited nonce reuses. For this purpose, we propose a single-key BBB-secure message authentication code with 2n-bit outputs, called PMAC2x, based on a tweakable block cipher. PMAC2x is motivated by PMAC_TBC1k by Naito; we revisit its security proof and point out an invalid assumption. As a remedy, we provide an alternative proof for our construction, and derive a corrected bound for PMAC_TBC1k.
Note: Revised the padding method in PMACx and PMAC2x to always append a 10^* padding to the input. Revised the definition of PMAC2x in for processing both associated data and message in SIVx, and added an injective encoding.
Metadata
- Category
- Secret-key cryptography
- Publication info
- Published elsewhere. Major revision. CT-RSA 2017
- DOI
- 10.1007/978-3-319-52153-4_15
- Keywords
- message authentication codes, authenticated encryption, provable security
- Contact author(s)
- eik list @ uni-weimar de
- History
- 2017-06-21: last of 2 revisions
- 2016-12-28: received
- Short URL
- https://ia.cr/2016/1174
- License
- CC BY