Paper 2023/218

On the Post-Quantum Security of Classical Authenticated Encryption Schemes

Nathalie Lang, Bauhaus University, Weimar
Stefan Lucks, Bauhaus University, Weimar
Abstract

We study the post-quantum security of authenticated encryption (AE) schemes, designed with classical security in mind. Under superposition attacks, many CBC-MAC variants have been broken, and AE modes employing those variants, such as EAX and GCM, thus fail at authenticity. As we show, the same modes are IND-qCPA insecure, i.e., they fail to provide privacy under superposition attacks. However, a constrained version of GCM is IND-qCPA secure, and a nonce-based variant of the CBC-MAC is secure under superposition queries. Further, the combination of classical authenticity and classical chosen-plaintext privacy thwarts attacks with superposition chosen-ciphertext and classical chosen-plaintext queries, a security notion that we refer to as IND-qdCCA. And nonce-based key derivation allows generically turning an IND-qdCCA secure scheme into an IND-qCCA secure scheme.

Metadata

Available format(s): PDF
Category: Attacks and cryptanalysis
Publication info: Published elsewhere. AfricaCrypt 2023
Keywords: authenticated encryption, post-quantum security
Contact author(s): nathalie lang @ uni-weimar de, stefan lucks @ uni-weimar de
History:
2023-06-16: last of 2 revisions
2023-02-17: received
Short URL: https://ia.cr/2023/218
License: Creative Commons Attribution (CC BY)

BibTeX

@misc{cryptoeprint:2023/218,
      author = {Nathalie Lang and Stefan Lucks},
      title = {On the Post-Quantum Security of Classical Authenticated Encryption Schemes},
      howpublished = {Cryptology ePrint Archive, Paper 2023/218},
      year = {2023},
      note = {\url{https://eprint.iacr.org/2023/218}},
      url = {https://eprint.iacr.org/2023/218}
}