Cryptology ePrint Archive: Report 2017/708

Reconsidering the Security Bound of AES-GCM-SIV

Tetsu Iwata and Yannick Seurin

Abstract: We make a number of remarks about the AES-GCM-SIV nonce-misuse resistant authenticated encryption scheme currently considered for standardization by the Crypto Forum Research Group (CFRG). First, we point out that the security analysis proposed in the ePrint report 2017/168 is incorrect, leading to overly optimistic security claims. We correct the bound and re-assess the security guarantees offered by the scheme for various parameters. Second, we suggest a simple modification to the key derivation function which would improve the security of the scheme with virtually no efficiency penalty.

Category / Keywords: secret-key cryptography / authenticated encryption, AEAD, GCM-SIV, AES-GCM-SIV, CAESAR competition

Date: received 18 Jul 2017, last revised 20 Jul 2017

Contact author: tetsu iwata at nagoya-u jp, yannick seurin@m4x org

Available format(s): PDF | BibTeX Citation

Version: 20170725:171054 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]