Paper 2017/220

Cryptanalysis of PMACx, PMAC2x, and SIVx

Kazuhiko Minematsu and Tetsu Iwata

Abstract

At CT-RSA 2017, List and Nandi proposed two variable input length pseudorandom functions (VI-PRFs) called PMACx and PMAC2x, and a deterministic authenticated encryption scheme called SIVx. These schemes use a tweakable block cipher (TBC) as the underlying primitive, and are provably secure up to the query complexity of $2^n$, where $n$ denotes the block length of the TBC. In this paper, we falsify the provable security claims by presenting concrete attacks. We show that with the query complexity of $O(2^{n/2})$, i.e., with the birthday complexity, PMACx, PMAC2x, and SIVx are all insecure.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published by the IACR in FSE 2018
Keywords
CryptanalysisPMACxPMAC2xSIVxprovable security
Contact author(s)
k-minematsu @ ah jp nec com
History
2017-06-07: revised
2017-03-04: received
See all versions
Short URL
https://ia.cr/2017/220
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2017/220,
      author = {Kazuhiko Minematsu and Tetsu Iwata},
      title = {Cryptanalysis of PMACx, PMAC2x, and SIVx},
      howpublished = {Cryptology ePrint Archive, Paper 2017/220},
      year = {2017},
      note = {\url{https://eprint.iacr.org/2017/220}},
      url = {https://eprint.iacr.org/2017/220}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.