Paper 2013/792

Improved Authenticity Bound of EAX, and Refinements

Kazuhiko Minematsu, Stefan Lucks, and Tetsu Iwata


EAX is a mode of operation for blockciphers to implement an authenticated encryption. The original paper of EAX proved that EAX is unforgeable up to $O(2^{n/2})$ data with one verification query. However, this generally guarantees a rather weak bound for the unforgeability under multiple verification queries, i.e., only $(2^{n/3})$ data is acceptable. This paper provides an improvement over the previous security proof, by showing that EAX is unforgeable up to $O(2^{n/2})$ data with multiple verification queries. Our security proof is based on the techniques appeared in a paper of FSE 2013 by Minematsu et al. which studied the security of a variant of EAX called EAX-prime. We also provide some ideas to reduce the complexity of EAX while keeping our new security bound. In particular, EAX needs three blockcipher calls and keep them in memory as a pre-processing, and our proposals can effectively reduce three calls to one call. This would be useful when computational power and memory are constrained.

Note: This is a full version of a paper appeared at Provable Security 2013, 7th International Conference, ProvSec 2013, Melaka, Malaysia, October 23-25, 2013.

Available format(s)
Secret-key cryptography
Publication info
Published elsewhere. Major revision. Provable Security (ProvSec) 2013
Authenticated encryptionEAXsecurity bound
Contact author(s)
k-minematsu @ ah jp nec com
2013-11-30: received
Short URL
Creative Commons Attribution


      author = {Kazuhiko Minematsu and Stefan Lucks and Tetsu Iwata},
      title = {Improved Authenticity Bound of EAX, and Refinements},
      howpublished = {Cryptology ePrint Archive, Paper 2013/792},
      year = {2013},
      doi = {10.1007/978-3-642-41227-1},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.