Cryptology ePrint Archive: Report 2017/220

Cryptanalysis of PMACx, PMAC2x, and SIVx

Kazuhiko Minematsu and Tetsu Iwata

Abstract: At CT-RSA 2017, List and Nandi proposed two variable input length pseudorandom functions (VI-PRFs) called PMACx and PMAC2x, and a deterministic authenticated encryption scheme called SIVx. These schemes use a tweakable block cipher (TBC) as the underlying primitive, and are provably secure up to the query complexity of $2^n$, where $n$ denotes the block length of the TBC. In this paper, we falsify the provable security claims by presenting concrete attacks. We show that with the query complexity of $O(2^{n/2})$, i.e., with the birthday complexity, PMACx, PMAC2x, and SIVx are all insecure.

Category / Keywords: secret-key cryptography / Cryptanalysis, PMACx, PMAC2x, SIVx, provable security

Original Publication (in the same form): IACR-FSE-2018

Date: received 2 Mar 2017, last revised 7 Jun 2017

Contact author: k-minematsu at ah jp nec com

Available format(s): PDF | BibTeX Citation

Version: 20170607:082957 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]