### Improved Authenticity Bound of EAX, and Refinements

Kazuhiko Minematsu, Stefan Lucks, and Tetsu Iwata

##### Abstract

EAX is a mode of operation for blockciphers to implement an authenticated encryption. The original paper of EAX proved that EAX is unforgeable up to $O(2^{n/2})$ data with one verification query. However, this generally guarantees a rather weak bound for the unforgeability under multiple verification queries, i.e., only $(2^{n/3})$ data is acceptable. This paper provides an improvement over the previous security proof, by showing that EAX is unforgeable up to $O(2^{n/2})$ data with multiple verification queries. Our security proof is based on the techniques appeared in a paper of FSE 2013 by Minematsu et al. which studied the security of a variant of EAX called EAX-prime. We also provide some ideas to reduce the complexity of EAX while keeping our new security bound. In particular, EAX needs three blockcipher calls and keep them in memory as a pre-processing, and our proposals can effectively reduce three calls to one call. This would be useful when computational power and memory are constrained.

Note: This is a full version of a paper appeared at Provable Security 2013, 7th International Conference, ProvSec 2013, Melaka, Malaysia, October 23-25, 2013.

Available format(s)
Category
Secret-key cryptography
Publication info
Published elsewhere. MAJOR revision.Provable Security (ProvSec) 2013
DOI
10.1007/978-3-642-41227-1
Keywords
Authenticated encryptionEAXsecurity bound
Contact author(s)
k-minematsu @ ah jp nec com
History
Short URL
https://ia.cr/2013/792

CC BY

BibTeX

@misc{cryptoeprint:2013/792,
author = {Kazuhiko Minematsu and Stefan Lucks and Tetsu Iwata},
title = {Improved Authenticity Bound of EAX, and Refinements},
howpublished = {Cryptology ePrint Archive, Paper 2013/792},
year = {2013},
doi = {10.1007/978-3-642-41227-1},
note = {\url{https://eprint.iacr.org/2013/792}},
url = {https://eprint.iacr.org/2013/792}
}

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.