Paper 2016/525

EWCDM: An Efficient, Beyond-Birthday Secure, Nonce-Misuse Resistant MAC

Benoît Cogliati and Yannick Seurin

Abstract

We propose a nonce-based MAC construction called EWCDM (Encrypted Wegman-Carter with Davies-Meyer), based on an almost xor-universal hash function and a block cipher, with the following properties: (i) it is simple and efficient, requiring only two calls to the block cipher, one of which can be carried out in parallel to the hash function computation; (ii) it is provably secure beyond the birthday bound when nonces are not reused; (iii) it provably retains security up to the birthday bound in case of nonce misuse. Our construction is a simple modification of the Encrypted Wegman-Carter construction, which is known to achieve only (i) and (iii) when based on a block cipher. Underlying our new construction is a new PRP-to-PRF conversion method coined Encrypted Davies-Meyer, which turns a pair of secret random permutations into a function which is provably indistinguishable from a perfectly random function up to at least $2^{2n/3}$ queries, where $n$ is the bit-length of the domain of the permutations.

Note: An abridged version appears in the proceedings of CRYPTO 2016. This is the full version.
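Worked example of the construction described in the abstract, added here as illustration and not taken from the paper: Encrypted Davies-Meyer turns two block-cipher instances into EDM(x) = E_{K2}(E_{K1}(x) xor x), and EWCDM tags a message as E_{K2}(E_{K1}(N) xor N xor H_{Kh}(M)), where H is an almost-XOR-universal hash. Assumptions not in the abstract: the block cipher `feistel_encrypt` is a stand-in for AES (a 4-round Feistel network with an HMAC-SHA256 round function, chosen only to keep the example standard-library), the hash is a polynomial hash over GF(2^128), keys are 128 bits and the three keys are independent, and the keys, nonce and message in the demo are constructed sample values.

```python
# Added example (not the paper's code): EWCDM from a polynomial hash over
# GF(2^128) and a stand-in 128-bit block cipher. Assumptions: feistel_encrypt
# stands in for AES, keys k1, k2, kh are independent 128-bit values.
import hashlib
import hmac
import secrets

N_BITS = 128
BLOCK = N_BITS // 8
GF_POLY = (1 << 128) | 0x87  # x^128 + x^7 + x^2 + x + 1


def gf128_mul(a: int, b: int) -> int:
    """Carry-less multiply of two 128-bit polynomials modulo GF_POLY."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a >> 128:
            a ^= GF_POLY
    return r


def poly_hash(kh: int, msg: bytes) -> int:
    """Almost-XOR-universal hash: Horner evaluation of the zero-padded message
    blocks plus a length block at the secret point kh in GF(2^128). For two
    distinct messages the difference is a nonzero polynomial of degree at most
    l+1 in kh, so the collision probability is about (l+1)/2^128."""
    padded = msg + b"\x00" * (-len(msg) % BLOCK)
    blocks = [int.from_bytes(padded[i:i + BLOCK], "big")
              for i in range(0, len(padded), BLOCK)]
    blocks.append(len(msg))  # length block makes the padding injective
    h = 0
    for m in blocks:
        h = gf128_mul(h ^ m, kh)
    return h


def feistel_encrypt(key: bytes, x: int) -> int:
    """Stand-in 128-bit block cipher (assumption: 4-round Feistel with an
    HMAC-SHA256 round function on 64-bit halves). Only the forward direction
    is needed, because EWCDM never decrypts."""
    left, right = x >> 64, x & ((1 << 64) - 1)
    for rnd in range(4):
        f = hmac.new(key, bytes([rnd]) + right.to_bytes(8, "big"),
                     hashlib.sha256).digest()[:8]
        left, right = right, left ^ int.from_bytes(f, "big")
    return (left << 64) | right


def edm(k1: bytes, k2: bytes, x: int) -> int:
    """Encrypted Davies-Meyer: E_k2(E_k1(x) xor x), the PRP-to-PRF conversion
    underlying EWCDM."""
    return feistel_encrypt(k2, feistel_encrypt(k1, x) ^ x)


def ewcdm_keygen() -> tuple:
    """Three independent keys: two cipher keys and one hash key (assumption)."""
    return (secrets.token_bytes(BLOCK), secrets.token_bytes(BLOCK),
            int.from_bytes(secrets.token_bytes(BLOCK), "big"))


def ewcdm_tag(k1: bytes, k2: bytes, kh: int, nonce: bytes, msg: bytes) -> bytes:
    """EWCDM tag: E_k2(E_k1(N) xor N xor H_kh(M)). The first cipher call
    depends only on the nonce, so it can run in parallel with the hash."""
    if len(nonce) != BLOCK:
        raise ValueError("nonce must be exactly one block")
    n = int.from_bytes(nonce, "big")
    inner = feistel_encrypt(k1, n)  # independent of the message
    h = poly_hash(kh, msg)
    tag = feistel_encrypt(k2, inner ^ n ^ h)
    return tag.to_bytes(BLOCK, "big")


def ewcdm_verify(k1: bytes, k2: bytes, kh: int, nonce: bytes,
                 msg: bytes, tag: bytes) -> bool:
    """Recompute the tag and compare in constant time."""
    return hmac.compare_digest(ewcdm_tag(k1, k2, kh, nonce, msg), tag)


if __name__ == "__main__":
    # Constructed sample values, not test vectors from the paper.
    k1, k2, kh = b"\x01" * BLOCK, b"\x02" * BLOCK, 0x0123456789abcdef0123456789abcdef
    nonce = bytes(range(BLOCK))
    msg = b"constructed sample message"
    tag = ewcdm_tag(k1, k2, kh, nonce, msg)
    print("tag:", tag.hex())
    print("verify ok:", ewcdm_verify(k1, k2, kh, nonce, msg, tag))
    print("forgery rejected:", not ewcdm_verify(k1, k2, kh, nonce, msg + b"!", tag))
```

The practitioner-relevant caveat from the abstract is visible in the code: the outer encryption E_{K2} is what distinguishes EWCDM from plain Encrypted Wegman-Carter, and it is what keeps a repeated nonce from leaking the XOR of two hash values. The beyond-birthday bound (about 2^{2n/3} queries) only holds while nonces are fresh; under nonce misuse the construction falls back to birthday-bound security, so a caller must still treat the nonce as a counter or a fresh random block, never as a reusable constant.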

Metadata
Available format(s)
PDF
Publication info
A major revision of an IACR publication in CRYPTO 2016
Keywords
Wegman-Carter MAC, Davies-Meyer construction, nonce-misuse resistance, beyond-birthday-bound security
Contact author(s)
benoitcogliati @ hotmail fr
yannick seurin @ m4x org
History
2016-05-29: received
Short URL
https://ia.cr/2016/525
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2016/525,
      author = {Benoît Cogliati and Yannick Seurin},
      title = {EWCDM: An Efficient, Beyond-Birthday Secure, Nonce-Misuse Resistant MAC},
      howpublished = {Cryptology ePrint Archive, Paper 2016/525},
      year = {2016},
      note = {\url{https://eprint.iacr.org/2016/525}},
      url = {https://eprint.iacr.org/2016/525}
}