Paper 2022/375

A Note on the Security Framework of Two-key DbHtS MACs

Tingting Guo and Peng Wang


Double-block Hash-then-Sum (DbHtS) MACs are a class of MACs achieve beyond-birthday-bound (BBB) security, including SUM-ECBC, PMAC_Plus, 3kf9 and LightMAC_Plus etc. Recently, Shen et al. (Crypto 2021) proposed a security framework for two-key DbHtS MACs in the multi-user setting, stating that when the underlying blockcipher is ideal and the universal hash function is regular and almost universal, the two-key DbHtS MACs achieve 2n/3-bit security. Unfortunately, the regular and universal properties can not guarantee the BBB security of two-key DbHtS MACs. We propose three counter-examples which are proved to be 2n/3-bit secure in the multi-user setting by the framework, but can be broken with probability 1 using only O(2^{n/2}) queries even in the single-user setting. We also point out the miscalculation in their proof leading to such a flaw. However, we haven’t found attacks against 2k-SUM-ECBC, 2k-PMAC_Plus and 2k-LightMAC_Plus proved 2n/3-bit security in their paper.

Available format(s)
Secret-key cryptography
Publication info
Preprint. Minor revision.
MACDbHtSBeyond-birthday-bound securityMulti-user security
Contact author(s)
guotingting @ iie ac cn
w rocking @ gmail com
2022-04-17: last of 8 revisions
2022-03-22: received
See all versions
Short URL
Creative Commons Attribution


      author = {Tingting Guo and Peng Wang},
      title = {A Note on the Security Framework of Two-key DbHtS MACs},
      howpublished = {Cryptology ePrint Archive, Paper 2022/375},
      year = {2022},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.