Paper 2008/090

Improving upon HCTR and matching attacks for Hash-Counter-Hash approach

Mridul Nandi

Abstract

McGrew and Fluhrer first proposed hash-counter-hash approach to encrypt arbitrary length messages. By its nature, counter can handle incomplete message blocks as well as complete message blocks in the same manner. HCTR is the till date best (in terms of efficiency) strong pseudo random permutation or SPRP among all known counter based SPRPs. But as of now, a cubic bound for HCTR is known. Moreover, all invocations of underlying block ciphers can not be made in parallel. Our new proposal (we call it HMC or Hash Modified Counter) provides a quadratic security bound and all block cipher invocations are parallel in nature even if we have an incomplete message block. We also present a prp-distinguishing attack on a generic counter based encryption, which makes $q$ non-adaptive encryption queries consisting of $(\ell+1)$ $n$-bit blocks and has success probability roughly $\ell^2q^2/2^n$. Loosely speaking, the success probability matches with the upper bound of distinguishing probability. As a result, we prove that the known quadratic bounds for XCB, HCH and HMC are tight.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Contact author(s)
mridul nandi @ gmail com
History
2008-02-28: received
Short URL
https://ia.cr/2008/090
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2008/090,
      author = {Mridul Nandi},
      title = {Improving upon HCTR and matching attacks for Hash-Counter-Hash approach},
      howpublished = {Cryptology ePrint Archive, Paper 2008/090},
      year = {2008},
      note = {\url{https://eprint.iacr.org/2008/090}},
      url = {https://eprint.iacr.org/2008/090}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.