Paper 2017/535

ZMAC: A Fast Tweakable Block Cipher Mode for Highly Secure Message Authentication

Tetsu Iwata, Kazuhiko Minematsu, Thomas Peyrin, and Yannick Seurin

Abstract

We propose a new mode of operation called ZMAC allowing to construct a (stateless and deterministic) message authentication code (MAC) from a tweakable block cipher (TBC). When using a TBC with $n$-bit blocks and $t$-bit tweaks, our construction provides security (as a variable-input-length PRF) beyond the birthday bound with respect to the block-length $n$ and allows to process $n+t$ bits of inputs per TBC call. In comparison, previous TBC-based modes such as PMAC1, the TBC-based generalization of the seminal PMAC mode (Black and Rogaway, EUROCRYPT 2002) or PMAC_TBC1k (Naito, ProvSec 2015) only process $n$ bits of input per TBC call. Since an $n$-bit block, $t$-bit tweak TBC can process at most $n+t$ bits of input per call, the efficiency of our construction is essentially optimal, while achieving beyond-birthday-bound security. The ZMAC mode is fully parallelizable and can be directly instantiated with several concrete TBC proposals, such as Deoxys and SKINNY. We also use ZMAC to construct a stateless and deterministic Authenticated Encryption scheme called ZAE which is very efficient and secure beyond the birthday bound.

Note: Added new possible instances using "key + tweak" constructions, corrected Skinny performance estimations

Metadata
Available format(s)
PDF
Publication info
Published by the IACR in CRYPTO 2017
Keywords
message authentication codetweakable block cipherauthenticated encryption
Contact author(s)
yannick seurin @ m4x org
thomas peyrin @ ntu edu sg
k-minematsu @ ah jp nec com
tetsu iwata @ nagoya-u jp
History
2017-12-15: last of 2 revisions
2017-06-07: received
See all versions
Short URL
https://ia.cr/2017/535
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2017/535,
      author = {Tetsu Iwata and Kazuhiko Minematsu and Thomas Peyrin and Yannick Seurin},
      title = {ZMAC: A Fast Tweakable Block Cipher Mode for Highly Secure Message Authentication},
      howpublished = {Cryptology ePrint Archive, Paper 2017/535},
      year = {2017},
      note = {\url{https://eprint.iacr.org/2017/535}},
      url = {https://eprint.iacr.org/2017/535}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.