## Cryptology ePrint Archive: Report 2017/260

Message-Recovery MACs and Verification-Unskippable AE

Shoichi Hirose and Yu Sasaki and Kan Yasuda

Abstract: This paper explores a new type of MACs called message-recovery MACs (MRMACs). MRMACs have an additional input $R$ that gets recovered upon verification. Receivers must execute verification in order to recover $R$, making the verification process unskippable. Such a feature helps avoid mis-implementing verification algorithms. The syntax and security notions of MRMACs are rigorously formulated. In particular, we formalize the notion of unskippability and present a construction of an unskippable MRMAC from a tweakable cipher and a universal hash function. Our construction is provided with formal security proofs. We extend the idea of MRMACs to a new type of authenticated encryption called verification-unskippable AE (VUAE). We propose a generic Enc-then-MRMAC composition which realizes VUAE. The encryption part needs to satisfy a new security notion called one-time undecipherability. We provide three constructions that are one-time undecipherable, and they are proven secure under various security models.

Category / Keywords: secret-key cryptography / message recovery MACs, authenticated encryption, unskippability, one-time undecipherability, CTR mode, Even-Mansour, FX

Date: received 21 Mar 2017

Contact author: hrs_shch at u-fukui ac jp

Available format(s): PDF | BibTeX Citation

Short URL: ia.cr/2017/260

[ Cryptology ePrint archive ]