
A Unified Method for Improving PRF Bounds for a Class of Blockcipher Based MACs [chapter]

Mridul Nandi
2010 Lecture Notes in Computer Science  
This paper provides a unified framework for improving PRF (pseudorandom function) advantages of several popular MACs (message authentication codes) based on a blockcipher modeled as RP (random permutation  ...  The PRF advantage of any SADE is O(t^2/2^n) as we can show that N(t, q) ≤ t^2. Moreover, N(t, q) = O(tq) for all members of C and hence these MACs have improved advantages O(tq/2^n).  ...  Conclusion and Future Work We provide a unified framework for improving PRF advantages of many known blockcipher based domain extensions.  ... 
doi:10.1007/978-3-642-13858-4_12 fatcat:vi7vi36u2vbn3gfbilxwlhh44a

Equivalence between MAC, WCR and PRF for Blockcipher Based Constructions [chapter]

Nilanjan Datta, Mridul Nandi
2014 Lecture Notes in Computer Science  
In FSE 2010, Nandi proved a sufficient condition of pseudo random function (PRF) for affine domain extensions (ADE), a wide class of block cipher based domain extensions.  ...  This sufficient condition is satisfied by all known blockcipher based ADE constructions; however, it is not a characterization of PRF.  ...  Bellare, Pietrzak and Rogaway in [3] showed for the first time an improved bound lQ^2/2^n for CBC-MAC. Afterwards, similar improved bounds were given for PMAC [13, 14], OMAC [16] and EMAC [20, 21].  ... 
doi:10.1007/978-3-319-12475-9_21 fatcat:jhhpxz6cvngffnfcemp7o2d6ue

ZMAC: A Fast Tweakable Block Cipher Mode for Highly Secure Message Authentication [chapter]

Tetsu Iwata, Kazuhiko Minematsu, Thomas Peyrin, Yannick Seurin
2017 Lecture Notes in Computer Science  
We propose a new mode of operation called ZMAC that allows one to construct a (stateless and deterministic) message authentication code (MAC) from a tweakable block cipher (TBC).  ...  When using a TBC with n-bit blocks and t-bit tweaks, our construction provides security (as a variable-input-length PRF) beyond the birthday bound with respect to the block-length n and allows to process  ...  The authors would like to thank the anonymous reviewers of CRYPTO 2017 for their helpful comments.  ... 
doi:10.1007/978-3-319-63697-9_2 fatcat:ishib5ywabcspbg77dygze7cia

Hash-Function Based PRFs: AMAC and Its Multi-User Security [chapter]

Mihir Bellare, Daniel J. Bernstein, Stefano Tessaro
2016 Lecture Notes in Computer Science  
Sponge-based PRFs, where truncation is the final step due to its already being so for the hash function, have been proven secure [17, 21, 1, 8, 10].  ...  We consider another, even simpler, candidate way, namely to change step (2) to apply a simple un-keyed output transform such as truncation. We call this AMAC, for augmented MAC.  ...  Acknowledgments We thank the Eurocrypt 2016 reviewers for their comments.  ... 
doi:10.1007/978-3-662-49890-3_22 fatcat:7csxsiz4arh47dzijtaeaaomkq

Under Pressure: Security of Caesar Candidates beyond their Guarantees [article]

Serge Vaudenay, Damian Vizár
2017 IACR Cryptology ePrint Archive  
The Competition for Authenticated Encryption: Security, Applicability and Robustness (CAESAR) has as its official goal to "identify a portfolio of authenticated ciphers that offer advantages over AES-GCM  ...  Rather than invalidating the security claims of any of the candidates, our results provide an additional criterion for evaluating the security that candidates deliver, which can be useful for e.g. breaking  ...  We would like to thank the Ascon team for pointing out that generic attacks with the same time but much lower data complexity than our forgery exist, and the Deoxys team for suggesting a better way to  ... 
dblp:journals/iacr/VaudenayV17 fatcat:ewlkw53ygvdbzlnjik76x4fuga

Algorithm Substitution Attacks against Receivers [article]

Marcel Armour, Bertram Poettering
2022 IACR Cryptology ePrint Archive  
We present a new class of attack that targets the decryption algorithm of an encryption scheme for symmetric encryption and public key encryption, or the verification algorithm for an authentication scheme  ...  This work describes a class of Algorithm Substitution Attack (ASA) generically targeting the receiver of a communication between two parties.  ...  Acknowledgements The research of Armour was supported by the EPSRC and the UK government as part of the Centre for Doctoral Training in Cyber Security at Royal Holloway, University of London (EP/P009301  ... 
dblp:journals/iacr/ArmourP22 fatcat:rhlzdghjlrg5zfabfcguqnpxvu

Indifferentiable Authenticated Encryption [chapter]

Manuel Barbosa, Pooya Farshim
2018 Lecture Notes in Computer Science  
On the positive side, we give a provably indifferentiable Feistel-based construction, which reduces the round complexity from at least 6, needed for blockciphers, to only 3 for encryption.  ...  A central property of indifferentiable schemes is that they offer security with respect to a wide class of games.  ...  Acknowledgments The authors would like to thank Phillip Rogaway, Martijn Stam, and Stefano Tessaro for their comments.  ... 
doi:10.1007/978-3-319-96884-1_7 fatcat:r7x75bhhkbfzvdbwexayieynq4

Security of Full-State Keyed Sponge and Duplex: Applications to Authenticated Encryption [chapter]

Bart Mennink, Reza Reyhanitabar, Damian Vizár
2015 Lecture Notes in Computer Science  
Our results can be used for making a large class of Sponge-based authenticated encryption schemes more efficient by concurrent absorption of associated data and message blocks.  ...  The idea of using full-state message absorption for higher efficiency was first made explicit in the Donkey Sponge MAC construction, but without any formal security proof.  ...  We would like to thank the ASIACRYPT reviewers for their constructive comments. We would also like to thank Joan Daemen and Gilles Van Assche for an insightful discussion.  ... 
doi:10.1007/978-3-662-48800-3_19 fatcat:lu6ck4fwsrgtzltbbw6l46b55i

An application layer non-repudiation wireless system: A cross-layer approach

Sasan Adibi
2010 IEEE International Symposium on "A World of Wireless, Mobile and Multimedia Networks" (WoWMoM)
A key aspect of Suite-B is the deployment of Elliptic Curve Cryptography (ECC). The non-repudiation aspect of this thesis is based on Suite-B's digital signature scheme, ECDSA.  ...  The aim of this thesis is to consider a practical implementation and associated complexities of a non-repudiation system, including analytical and experimental testbeds and results.  ...  However, using cross-layer approaches, a more unified method can be utilized where all layers operate with enhancements destined for the lower layers.  ... 
doi:10.1109/wowmom.2010.5534971 dblp:conf/wowmom/Adibi10 fatcat:tzhws7t5tzao7eh7qcxfn5srfy

Federated Learning is Better with Non-Homomorphic Encryption [article]

Konstantin Burlachenko, Abdulmajeed Alrowithi, Fahad Ali Albalawi, Peter Richtarik
2023 arXiv pre-print
However, these methods have a price in the form of extra computation and memory footprint.  ...  Our framework offers a way to replace HE with cheaper Classical Cryptography primitives which provides security for the training process.  ...  We acknowledge two members of Peter Richtárik's Optimization and Machine Learning Laboratory, Alexander Tyurin and Egor Shulgin, for useful and insightful discussions before the start of this project.  ... 
arXiv:2312.02074v1 fatcat:jpzrlwsbyrfpnckeite3ew6nfm

Provably Secure Authenticated Encryption

Damian Vizár
2018
We also propose another provably secure variant of OMD called pure OMD, which enjoys a great improvement of performance over OMD.  ...  Based on our findings, we formulate a new definition of online AE security under nonce-reuse, and demonstrate its feasibility.  ...  This method to tweak a PRF is essentially the XE method [Rog04a], originally used to construct tweakable blockciphers.  ... 
doi:10.5075/epfl-thesis-8681 fatcat:lnmf4nr3xjdfzdf3l6x5dmzhia

Dagstuhl Reports, Volume 6, Issue 1, January 2016, Complete Issue [article]

2016
For example, implementing cryptographic protocols based on research papers is very difficult for non-researchers.  ...  popularization of research results for a general audience.  ...  This invalidates the proofs of the PRF bounds. In ICALP'06, Pietrzak improved the bound for EMAC by showing a tight bound O(q^2/2^n) under the restriction that < 2^{n/8}.  ... 
doi:10.4230/dagrep.6.1 fatcat:vq74ezrwifbkhex6twvtdzbpaa

Automated Analysis of Protocols that use Authenticated Encryption: How Subtle AEAD Differences can impact Protocol Security

Cas Cremers, Alexander Dax, Charlie Jacomme, Mang Zhao
2024
We provide the first automated analysis method for protocols that use AEADs that can systematically find attacks that exploit the subtleties of the specific type of AEAD used.  ...  Furthermore, our analysis reveals undesirable behaviors of several other protocols based on AEAD subtleties.  ...  In this paper, we extend the robustness notions FROB and eFROB for randomized AEADs to a unified notion X-FROB for nonce-based AEADs in Definition 11, where X ⊆ (k, N, H, m) denotes the degree of robustness  ... 
doi:10.60882/cispa.25435201.v1 fatcat:337rylzy4zgznh4tr2etugszpi

LIPIcs, Volume 230, ITC 2022, Complete Volume [article]

Dana Dachman-Soled
2022
And our scheduler matches this bound (up to a constant factor) when b = O(1) and k = O(log q). We defer the proof of the theorem to Section B.  ...  Acknowledgements We are thankful to Siyao Guo for clarifications regarding the known techniques for establishing lower bounds for problems in the generic group model with preprocessing.  ...  It is a blockcipher-based scheme; however, instead of a conventional variable-input-length PRF (or MAC) such as CMAC, GTM uses a variant of vector-input PRF [34] that accepts an empty string as a component  ... 
doi:10.4230/lipics.itc.2022 fatcat:essd7vkxajblve2oviyqqe2o3e

Putting secure computation to work

Jason M. Perry
2015
This dissertation presents 1) a systematization of MPC protocols that helps clarify their security and efficiency properties, 2) new, efficient protocols for access control in private databases, and 3)  ...  Such protocols attempt to strike a balance between efficiency and security, often by allowing a quantified amount of leakage.  ...  One trick they use reduces the size overhead of the tags by encoding the MACs in a Bloom filter, which trades strict search accuracy for space.  ... 
doi:10.7282/t3r213c5 fatcat:nz3zxloklzcudlcbvod33olf4y