You are looking at a specific version 20171124:133103 of this paper.
Paper 2017/708
Reconsidering the Security Bound of AES-GCM-SIV
Tetsu Iwata and Yannick Seurin
Abstract
We make a number of remarks about the AES-GCM-SIV nonce-misuse resistant authenticated encryption scheme currently considered for standardization by the Crypto Forum Research Group (CFRG). First, we point out that the security analysis proposed in the ePrint report 2017/168 is incorrect, leading to overly optimistic security claims. We correct the bound and re-assess the security guarantees offered by the scheme for various parameters. Second, we suggest a simple modification to the key derivation function which would improve the security of the scheme with virtually no efficiency penalty.
Metadata
- Category
- Secret-key cryptography
- Publication info
- Published elsewhere. IACR Trans. Symmetric Cryptol. 2017(4)
- Keywords
- authenticated encryption, AEAD, GCM-SIV, AES-GCM-SIV, CAESAR competition
- Contact author(s)
- tetsu iwata @ nagoya-u jp
- yannick seurin @ m4x org
- History
- 2017-11-24: revised
- 2017-07-25: received
- Short URL
- https://ia.cr/2017/708
- License
- CC BY