The Exact Security of PMAC with Two Powering-Up Masks
PMAC is a rate-1, parallelizable, block-cipher-based message authentication code (MAC) proposed by Black and Rogaway (EUROCRYPT 2002). Improving its security bound is a main research topic, and showing a tight bound has been the primary goal since the paper of Luykx et al. (EUROCRYPT 2016). Regarding the pseudo-random-function (PRF) security of PMAC, a collision of the hash function, or the difference between a random permutation and a random function, gives the lower bound $\Omega(q^2/2^n)$ for $q$ queries and block size $n$. Regarding the MAC security (unforgeability), a hash collision among MAC queries, or guessing a tag, gives the lower bound $\Omega(q_m^2/2^n + q_v/2^n)$ for $q_m$ MAC queries and $q_v$ verification queries (forgery attempts). The tight upper bound $O(q^2/2^n)$ on the PRF security of PMAC was given by Gaži et al. (ToSC 2017, Issue 1), but their proof requires a 4-wise independent masking scheme that uses four $n$-bit random values. Open problems from their work are: (1) find a masking scheme with three or fewer random values with which PMAC achieves the tight PRF-security upper bound; (2) find a masking scheme with which PMAC achieves the tight MAC-security upper bound. In this paper, we consider PMAC with two powering-up masks, whose masking scheme uses two random values. Using the structure of the powering-up masking scheme, we show that this PMAC has the tight upper bound $O(q^2/2^n)$ for PRF security, which answers open problem (1), and the tight upper bound $O(q_m^2/2^n + q_v/2^n)$ for MAC security, which answers open problem (2). Note that these results deal with two-key PMACs; showing tight upper bounds for PMACs with a single key and/or with one powering-up mask remains open.
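The $q_m^2/2^n$ term in the MAC lower bound above comes from a generic attack: collect tags until two messages collide in the hash value, then transfer a tag from one colliding prefix to the other under a fresh last block. The following is an added example, not code from the paper or from Black and Rogaway's PMAC: it runs that birthday forgery against a toy two-key PMAC with a single powering-up mask $2^i L$ over a 16-bit block, so the collision appears after a few hundred queries. The "block cipher" is a seeded random permutation (the ideal-cipher stand-in), the reduction polynomial for doubling in GF(2^16) is assumed (the attack does not depend on it), and all names (ToyPMAC, collision_forgery, run_attack) are hypothetical.

```python
"""Added example: generic hash-collision forgery against a toy PMAC.

Assumptions (not from the paper): 16-bit blocks, a seeded random
permutation as the block cipher, one powering-up mask 2^i * L, and a
second key for finalization. Illustrative code only.
"""
import random

N_BITS = 16
BLOCK_MASK = (1 << N_BITS) - 1
# Assumed reduction polynomial for doubling in GF(2^16): x^16 + x^5 + x^3 + x + 1.
# The forgery below does not depend on this choice.
REDUCTION = 0x2B


def gf_double(x):
    """Multiply x by the field element 2 (i.e. by x) in GF(2^16)."""
    x <<= 1
    if x >> N_BITS:
        x ^= (1 << N_BITS) | REDUCTION
    return x & BLOCK_MASK


def random_permutation(seed):
    """Ideal-cipher stand-in: a keyed (seeded) random permutation on 16-bit blocks."""
    table = list(range(1 << N_BITS))
    random.Random(seed).shuffle(table)
    return table


class ToyPMAC:
    """Two-key PMAC on full blocks: hash under K1 with masks 2^i*L, finalize under K2."""

    def __init__(self, k1, k2):
        self.e1 = random_permutation(k1)
        self.e2 = random_permutation(k2)
        self.L = self.e1[0]   # L = E_K1(0^n)
        self.queries = 0      # MAC queries answered (the attacker's q_m)

    def hash(self, blocks):
        sigma, delta = 0, self.L
        for b in blocks[:-1]:
            delta = gf_double(delta)      # Delta_i = 2^i * L
            sigma ^= self.e1[b ^ delta]
        return sigma ^ blocks[-1]         # last block is XORed in unencrypted

    def tag(self, blocks):
        self.queries += 1
        return self.e2[self.hash(blocks)]

    def verify(self, blocks, t):
        """Verification oracle; counts separately from MAC queries (q_v)."""
        return self.e2[self.hash(blocks)] == t


def collision_forgery(mac, max_queries=4096, seed=7):
    """Birthday attack on the hash: query 3-block messages (a, b, X) with a
    fixed X until two tags collide. E_K2 is a permutation, so equal tags mean
    equal hash values, and the hash of (a, b, X') then also collides for any
    X'. One more MAC query on (a, b, X') yields a tag for the never-queried
    message (a', b', X'). Returns (forged_message, tag, mac_queries) or None."""
    rng = random.Random(seed)
    suffix, fresh_suffix = 0x0001, 0xBEEF
    seen = {}        # tag -> (a, b) prefix that produced it
    asked = set()    # every message handed to the MAC oracle
    for _ in range(max_queries):
        prefix = (rng.getrandbits(N_BITS), rng.getrandbits(N_BITS))
        msg = prefix + (suffix,)
        if msg in asked:
            continue
        asked.add(msg)
        t = mac.tag(msg)
        if t in seen and seen[t] != prefix:
            other = seen[t]
            known = prefix + (fresh_suffix,)
            asked.add(known)
            forged = other + (fresh_suffix,)      # differs from every queried message
            return forged, mac.tag(known), mac.queries
        seen[t] = prefix
    return None


def run_attack(k1=1, k2=2, seed=7):
    """Run the forgery and check it with a single verification query."""
    mac = ToyPMAC(k1, k2)
    result = collision_forgery(mac, seed=seed)
    if result is None:
        return {"forged": False}
    forged, t, q = result
    return {"forged": mac.verify(forged, t), "mac_queries": q,
            "message": forged, "tag": t}


if __name__ == "__main__":
    print(run_attack())
```

With a 16-bit block the collision typically appears after roughly $2^{8}\sqrt{\pi/2} \approx 320$ MAC queries, matching the $q_m^2/2^n$ birthday term; the $q_v/2^n$ term is the separate, trivial strategy of guessing a tag on each verification query. Scaling $n$ back to 128 bits turns the same procedure into the $2^{64}$-query attack that the tight bound says cannot be beaten generically.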
Multi User Security of LightMAC and LightMAC_Plus
In FSE'16, Luykx et al. proposed \textsf{LightMAC}, which provably achieves a query-length-independent PRF security bound. To be precise, the construction achieves security roughly in the order of , when instantiated with two independently keyed -bit block ciphers, where is the total number of queries made by the adversary. Subsequently, in ASIACRYPT'17, Naito proposed a beyond-birthday-bound variant of the construction, dubbed \textsf{LightMAC_Plus}, that is built on three independently keyed -bit block ciphers and achieves -bit PRF security. Security analyses of these two constructions have been conducted in the single-user setting, where the adversary is assumed to have access to a single instance of the construction. In this paper, we investigate, for the first time, the security of the \textsf{LightMAC} and \textsf{LightMAC_Plus} constructions in the multi-user setting, where the adversary is assumed to have access to more than one instance of the construction. In particular, we show that \textsf{LightMAC} remains secure roughly up to construction queries and ideal-cipher queries in the ideal-cipher model, and that \textsf{LightMAC_Plus} maintains security up to approximately construction queries and ideal-cipher queries in the ideal-cipher model, where denotes the block size and denotes the key size of the block cipher.
Critical Perspectives on Provable Security: Fifteen Years of Another Look Papers
We give an overview of our critiques of "proofs" of security and a guide to our papers on the subject that have appeared over the past decade and a half. We also provide numerous additional examples and a few updates and errata.