Paper 2017/260

Message-Recovery MACs and Verification-Unskippable AE

Shoichi Hirose, Yu Sasaki, and Kan Yasuda


This paper explores a new type of MACs called message-recovery MACs (MRMACs). MRMACs have an additional input $R$ that gets recovered upon verification. Receivers must execute verification in order to recover $R$, making the verification process unskippable. Such a feature helps avoid mis-implementing verification algorithms. The syntax and security notions of MRMACs are rigorously formulated. In particular, we formalize the notion of unskippability and present a construction of an unskippable MRMAC from a tweakable cipher and a universal hash function. Our construction is provided with formal security proofs. We extend the idea of MRMACs to a new type of authenticated encryption called verification-unskippable AE (VUAE). We propose a generic Enc-then-MRMAC composition which realizes VUAE. The encryption part needs to satisfy a new security notion called one-time undecipherability. We provide three constructions that are one-time undecipherable, and they are proven secure under various security models.

Available format(s)
Secret-key cryptography
Publication info
Preprint. MINOR revision.
message recovery MACsauthenticated encryptionunskippabilityone-time undecipherabilityCTR modeEven-MansourFX
Contact author(s)
hrs_shch @ u-fukui ac jp
2017-03-25: received
Short URL
Creative Commons Attribution


      author = {Shoichi Hirose and Yu Sasaki and Kan Yasuda},
      title = {Message-Recovery MACs and Verification-Unskippable AE},
      howpublished = {Cryptology ePrint Archive, Paper 2017/260},
      year = {2017},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.