Paper 2018/449
Key Prediction Security of Keyed Sponges
Bart Mennink
Abstract
The keyed sponge is a well-accepted method for message authentication. It processes data at a certain rate by sequential evaluation of an underlying permutation. If the key size $k$ is smaller than the rate, currently known bounds are tight, but if it exceeds the rate, the state of the art only dictates security up to $2^{k/2}$. We take a closer look at the key prediction security of the sponge and close the remaining gap in the existing security analysis: we confirm key security up to close to $2^k$, regardless of the rate. The result impacts all applications of the keyed sponge and duplex that process at a rate smaller than the key size, including the STROBE protocol framework, as well as related constructions such as HMAC-SHA-3 and the sandwich sponge.
Note: Updated to ToSC-version.
Metadata
- Category
- Secret-key cryptography
- Publication info
- A minor revision of an IACR publication in FSE 2019
- Keywords
- outer-keyed sponge, full-keyed sponge, key prediction, graph-based proof
- Contact author(s)
- b mennink @ cs ru nl
- History
- 2018-11-14: last of 2 revisions
- 2018-05-21: received
- Short URL
- https://ia.cr/2018/449
- License
- CC BY
BibTeX
@misc{cryptoeprint:2018/449,
  author = {Bart Mennink},
  title = {Key Prediction Security of Keyed Sponges},
  howpublished = {Cryptology {ePrint} Archive, Paper 2018/449},
  year = {2018},
  url = {https://eprint.iacr.org/2018/449}
}