You are looking at a specific version 20170304:141732 of this paper. See the latest version.

Paper 2017/220

Cryptanalysis of PMACx, PMAC2x, and SIVx

Kazuhiko Minematsu and Tetsu Iwata

Abstract

At CT-RSA 2017, List and Nandi proposed PMACx and PMAC2x which are variable input length pseudorandom functions (VO-PRFs) that use a tweakable block cipher (TBC) as the underlying primitive. These schemes are provably secure up to the query complexity of $2^n$, where $n$ denotes the block length of the TBC. In this paper, we falsify the provable security claims by presenting concrete attacks. We show that with the query complexity of $O(2^{n/2})$, i.e., with the birthday complexity, PMACx and PMAC2x are both insecure. Furthermore, we consider a deterministic authenticated encryption scheme called SIVx. This scheme is built on PMAC2x, and is provably secure up to the query complexity of $2^n$. However, we show a birthday complexity attack against it.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Preprint. MINOR revision.
Keywords
CryptanalysisPMACxPMAC2xSIVxprovable security
Contact author(s)
k-minematsu @ ah jp nec com
History
2017-06-07: revised
2017-03-04: received
See all versions
Short URL
https://ia.cr/2017/220
License
Creative Commons Attribution
CC BY
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.