Paper 2017/831

Security Proof of JAMBU under Nonce Respecting and Nonce Misuse Cases

Geng Wang, Haiyang Zhang, and Fengmei Liu

Abstract

JAMBU is an AEAD mode of operation that entered the third round of the CAESAR competition. Unlike other modes of operation, however, it came without a security proof, and a cryptanalysis result has overturned the designers' security claim in the nonce misuse case. In this paper we fill this gap by giving security proofs for JAMBU in both the nonce respecting case and the nonce misuse case. We prove that in the nonce respecting case JAMBU achieves security slightly below the birthday bound of $n$ bits, and that in the nonce misuse case it has a tight security bound of $n/2$ bits.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Preprint. MINOR revision.
Keywords
JAMBU, CAESAR Competition, Provable Security, Nonce-Misuse Resistance
Contact author(s)
cnpkw @ 126 com
History
2018-03-22: revised
2017-08-31: received
Short URL
https://ia.cr/2017/831
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2017/831,
      author = {Geng Wang and Haiyang Zhang and Fengmei Liu},
      title = {Security Proof of JAMBU under Nonce Respecting and Nonce Misuse Cases},
      howpublished = {Cryptology ePrint Archive, Paper 2017/831},
      year = {2017},
      note = {\url{https://eprint.iacr.org/2017/831}},
      url = {https://eprint.iacr.org/2017/831}
}