Paper 2017/848

Single Key Variant of PMAC_Plus

Nilanjan Datta, Avijit Dutta, Mridul Nandi, Goutam Paul, and Liting Zhang

Abstract

In CRYPTO 2011, Yasuda proposed PMAC_Plus message authentication code based on an $n$-bit block cipher. Its design principle inherits the well known PMAC parallel network with a low additional cost. PMAC_Plus is a rate-$1$ construction like PMAC (i.e., one block cipher call per $n$-bit message block) but provides security against all adversaries making queries altogether consisting of roughly upto $2^{2n/3}$ blocks (strings of $n$-bits). Even though PMAC_Plus gives higher security than the standard birthday bound security, with currently available best bound, it provides weaker security than PMAC for certain choices of adversaries. Moreover, unlike PMAC, PMAC_Plus operates with three independent block cipher keys. In this paper, we propose 1k-PMAC_Plus, the first rate-$1$ single keyed block cipher based BBB (Beyond Birthday Bound) secure (in standard model) deterministic MAC construction without arbitrary field multiplications. Our construction is a simple one-key variant of PMAC_Plus. Moreover, we show higher security guarantee than what was proved originally for PMAC_Plus. Our proven bound shows that PMAC_Plus and 1k-PMAC_Plus always provide higher security guarantee than what was promised by PMAC against all types of adversaries.

Note: In this paper we have corrected the flaw in the security proof of 1k_PMAC+ as reported in Report 2015/958.