Paper 2018/449

Key Prediction Security of Keyed Sponges

Bart Mennink

Abstract

The keyed sponge is a well-accepted method for message authentication. It processes data at a certain rate by sequential evaluation of an underlying permutation. If the key size $k$ is smaller than the rate, currently known bounds are tight, but if it exceeds the rate, state of the art only dictates security up to $2^{k/2}$. We take closer inspection at the key prediction security of the sponge and close the remaining gap in the existing security analysis: we confirm key security up to close to $2^k$, regardless of the rate. The result impacts all applications of the keyed sponge and duplex that process at a rate smaller than the key size, including the STROBE protocol framework, as well as the related constructions such as HMAC-SHA-3 and the sandwich sponge.

Note: Updated to ToSC-version.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
A minor revision of an IACR publication in FSE 2019
Keywords
outer-keyed spongefull-keyed spongekey predictiongraph-based proof
Contact author(s)
b mennink @ cs ru nl
History
2018-11-14: last of 2 revisions
2018-05-21: received
See all versions
Short URL
https://ia.cr/2018/449
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2018/449,
      author = {Bart Mennink},
      title = {Key Prediction Security of Keyed Sponges},
      howpublished = {Cryptology {ePrint} Archive, Paper 2018/449},
      year = {2018},
      url = {https://eprint.iacr.org/2018/449}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.