Paper 2023/1422

Tight Security Bound of 2k-LightMAC Plus

Abstract

In ASIACRYPT'17, Naito proposed a beyond-birthday-bound variant of the LightMAC construction, called LightMAC_Plus, which is built on three independently keyed $$-bit block ciphers, and showed that the construction achieves $$-bits PRF security. Later, Kim et al. claimed (without giving any formal proof) its security bound to $$. In FSE'18, Datta et al. have proposed a two-keyed variant of the LightMAC_Plus construction, called 2k-LightMAC_Plus, which is built on two independently keyed $$-bit block ciphers, and showed that the construction achieves $$-bits PRF security. In this paper, we show a tight security bound on the 2k-LightMAC_Plus construction. In particular, we show that it provably achieves security up to $$ queries. We also exhibit a matching attack on the construction with the same query complexity and hence establishing the tightness of the security bound. To the best of our knowledge, this is the first work that provably shows a message length independent $$-bit tight security bound on a block cipher based variable input length PRF with two block cipher keys.