Paper 2017/220
Cryptanalysis of PMACx, PMAC2x, and SIVx
Kazuhiko Minematsu and Tetsu Iwata
Abstract
At CT-RSA 2017, List and Nandi proposed PMACx and PMAC2x which are variable input length pseudorandom functions (VO-PRFs) that use a tweakable block cipher (TBC) as the underlying primitive. These schemes are provably secure up to the query complexity of $2^n$, where $n$ denotes the block length of the TBC. In this paper, we falsify the provable security claims by presenting concrete attacks. We show that with the query complexity of $O(2^{n/2})$, i.e., with the birthday complexity, PMACx and PMAC2x are both insecure. Furthermore, we consider a deterministic authenticated encryption scheme called SIVx. This scheme is built on PMAC2x, and is provably secure up to the query complexity of $2^n$. However, we show a birthday complexity attack against it.
Metadata
- Available format(s)
- Category: Secret-key cryptography
- Publication info: Preprint. MINOR revision.
- Keywords: Cryptanalysis, PMACx, PMAC2x, SIVx, provable security
- Contact author(s): k-minematsu @ ah jp nec com
- History
  - 2017-06-07: revised
  - 2017-03-04: received
  - See all versions
- Short URL: https://ia.cr/2017/220
- License: CC BY