Cryptology ePrint Archive: Report 2017/535

ZMAC: A Fast Tweakable Block Cipher Mode for Highly Secure Message Authentication

Tetsu Iwata and Kazuhiko Minematsu and Thomas Peyrin and Yannick Seurin

Abstract: We propose a new mode of operation called ZMAC that allows one to construct a (stateless and deterministic) message authentication code (MAC) from a tweakable block cipher (TBC). When using a TBC with $n$-bit blocks and $t$-bit tweaks, our construction provides security (as a variable-input-length PRF) beyond the birthday bound with respect to the block length $n$ and processes $n+t$ bits of input per TBC call. In comparison, previous TBC-based modes such as PMAC1, the TBC-based generalization of the seminal PMAC mode (Black and Rogaway, EUROCRYPT 2002), or PMAC_TBC1k (Naito, ProvSec 2015) only process $n$ bits of input per TBC call. Since an $n$-bit block, $t$-bit tweak TBC can process at most $n+t$ bits of input per call, the efficiency of our construction is essentially optimal, while still achieving beyond-birthday-bound security. The ZMAC mode is fully parallelizable and can be directly instantiated with several concrete TBC proposals, such as Deoxys and SKINNY. We also use ZMAC to construct a stateless and deterministic authenticated encryption scheme called ZAE, which is very efficient and secure beyond the birthday bound.

Category / Keywords: message authentication code, tweakable block cipher, authenticated encryption

Original Publication (in the same form): IACR-CRYPTO-2017

Date: received 5 Jun 2017, last revised 17 Jun 2017

Contact author: yannick seurin at m4x org, thomas peyrin@ntu edu sg, k-minematsu@ah jp nec com, tetsu iwata@nagoya-u jp

Version: 20170617:141101

Short URL: ia.cr/2017/535
