2024 | OriginalPaper | Buchkapitel
The Multi-user Security of MACs via Universal Hashing in the Ideal Cipher Model
verfasst von : Yusuke Naito
Erschienen in: Topics in Cryptology – CT-RSA 2024
Verlag: Springer Nature Switzerland
Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.
Wählen Sie Textabschnitte aus um mit Künstlicher Intelligenz passenden Patente zu finden. powered by
Markieren Sie Textabschnitte, um KI-gestützt weitere passende Inhalte zu finden. powered by
Abstract
-
Using the revised definitions, we evaluate the multi-user security of the following MAC, called \(\textsf{HtE}\): \(\textsf{HtE}_{K,L}(M) = E_K(H^E_L(M))\) where \(M\) is a message, \(E_K\) is an \(n\)-bit ideal cipher with a \(k\)-bit key \(K\), and \(H_L^E\) is an ideal-cipher-based hash function with a key \(L\). We derive the multi-user-bound \(O\left( q_uq\epsilon _2 + q\epsilon _1 + \frac{p+\ell q}{2^k} \right) \) where \(p\) (resp. \(q\)) is the number of primitive (resp. construction) queries, and \(q_u\) is the maximum number of construction queries within one user.
-
We next evaluate the multi-user security of another hash-then-encrypt-type MAC, called \(\textsf{HtXE}\). \(\textsf{HtXE}\) is a generalization of \(\textsf{XCBC}\) and \(\textsf{TMAC}\) where a single-key block cipher is used and another key is applied to the state before the last block-cipher call of \(\textsf{HtXE}\). We show that \(\textsf{HtXE}\) achieves the same level of security as \(\textsf{HtE}\).
-
Finally, we show regular and almost-XOR-universal bounds of \(\textsf{CBC}\). Combining the bounds with those of \(\textsf{HtE}\) and of \(\textsf{HtXE}\), we obtain the bound \(O\left( \frac{\ell q_uq}{2^n} + \frac{p}{2^k} \right) \) for \(\textsf{HtE}\) or \(\textsf{HtXE}\) with \(\textsf{CBC}\), including \(\textsf{EMAC}\), \(\textsf{XCBC}\), and \(\textsf{TMAC}\). If \(q_u\ll 2^{n/2}\), then they achieve beyond-birthday-bound security.