Output Masking of Tweakable Even-Mansour Can Be Eliminated for Message Authentication Code

In this paper we consider the simplest possible construction of PMAC from a permutation. PMAC-type schemes have usually been constructed from a tweakable blockcipher (TBC). Regarding TBCs, there have been research directions from (1) to (2) and from (1) to (3), described as follows. Here, \(E_{K'}:\{0,1\}^n\rightarrow \{0,1\}^n\) is a blockcipher with a key \(K'\), \(P:\{0,1\}^n\rightarrow \{0,1\}^n\) is a permutation, \(h_K\) is a hash function from a uniform and almost XOR-universal family mapping some tweak space \(\mathcal {TW}\) to \(\{0,1\}^n\), \(tw \in \mathcal {TW}\) is a tweak, and \(x \in \{0,1\}^n\) is an input to the TBC.
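To make the objects named in the abstract concrete, the following added example (not code from the paper, and not the paper's scheme) instantiates them in Python with n = 64: a public unkeyed permutation P, an XOR-universal family h_K(tw) = K · tw in GF(2^64), a tweakable Even-Mansour TBC in the standard masked form h_K(tw) ⊕ P(x ⊕ h_K(tw)) next to the same TBC with the output mask dropped, and a generic PMAC-style iteration over either TBC. The toy ARX permutation, the GF(2^64) hash, the tweak encoding, and the PMAC padding and domain separation are all assumptions chosen for illustration; the permutation in particular has no security analysis behind it and only serves to show how the masks sit around P.

```python
import hmac
import secrets

# Constructed toy instance (assumption, not the paper's scheme): n = 64.
N = 64
MASK = (1 << N) - 1
M32 = 0xFFFFFFFF


def _rotl32(v, r):
    return ((v << r) | (v >> (32 - r))) & M32


def _rotr32(v, r):
    return ((v >> r) | (v << (32 - r))) & M32


def P(x):
    """Public, unkeyed ARX permutation on 64 bits (constructed for illustration;
    not a cryptographically analysed primitive). It stands in for the permutation
    P of the abstract: anyone, including an attacker, can evaluate P and P_inv."""
    a, b = x >> 32, x & M32
    for rnd in range(12):
        a = (a + b) & M32
        a ^= (rnd * 0x9E3779B9) & M32   # round constant breaks round symmetry
        b = _rotl32(b, 7) ^ a
        a = _rotl32(a, 13)
    return (a << 32) | b


def P_inv(y):
    """Inverse of P, undoing the rounds in reverse order."""
    a, b = y >> 32, y & M32
    for rnd in reversed(range(12)):
        a = _rotr32(a, 13)
        b = _rotr32(b ^ a, 7)
        a ^= (rnd * 0x9E3779B9) & M32
        a = (a - b) & M32
    return (a << 32) | b


def gf_mul(a, b):
    """Multiplication in GF(2^64) modulo x^64 + x^4 + x^3 + x + 1."""
    r = 0
    for i in range(N):
        if (b >> i) & 1:
            r ^= a << i
    for i in range(2 * N - 2, N - 1, -1):   # reduce bits 126..64
        if (r >> i) & 1:
            r ^= (1 << i) | (0x1B << (i - N))
    return r


def h(K, tw):
    """h_K(tw) = K * tw in GF(2^64). For distinct tweaks tw1 != tw2 the value
    h_K(tw1) ^ h_K(tw2) = K * (tw1 ^ tw2) is uniform over the key K, so the
    family is XOR-universal; for tw != 0 it is also uniform. Tweaks are encoded
    below so that 0 is never used."""
    return gf_mul(K, tw)


def tweak(domain, index):
    """Encode (domain, block index) as a nonzero 64-bit tweak; domain >= 1."""
    assert 1 <= domain < 16 and 0 <= index < (1 << 60)
    return (domain << 60) | index


def tem_masked(K, tw, x):
    """Tweakable Even-Mansour with input and output masking: h_K(tw) ^ P(x ^ h_K(tw))."""
    m = h(K, tw)
    return P(x ^ m) ^ m


def tem_input_mask_only(K, tw, x):
    """The same TBC with the output mask dropped: P(x ^ h_K(tw))."""
    return P(x ^ h(K, tw))


def pmac(tbc, K, msg):
    """Generic PMAC-style MAC over a TBC tbc(K, tw, x) (assumed structure, not the
    paper's exact scheme): XOR the TBC outputs of all but the last block, then
    process the last block under a final tweak whose domain records whether
    that block had to be padded."""
    blocks = [msg[i:i + 8] for i in range(0, len(msg), 8)]
    if blocks and len(blocks[-1]) == 8:
        final_domain = 2                       # last block was full
    else:
        last = (blocks.pop() if blocks else b"") + b"\x80"
        blocks.append(last.ljust(8, b"\x00"))  # 10* padding
        final_domain = 3                       # last block was padded
    sigma = 0
    for i, blk in enumerate(blocks[:-1], start=1):
        sigma ^= tbc(K, tweak(1, i), int.from_bytes(blk, "big"))
    last = int.from_bytes(blocks[-1], "big")
    return tbc(K, tweak(final_domain, 0), sigma ^ last)


def verify(tbc, K, msg, tag):
    """Constant-time tag comparison (never compare MAC tags with ==)."""
    expect = pmac(tbc, K, msg).to_bytes(8, "big")
    return hmac.compare_digest(expect, tag.to_bytes(8, "big"))


if __name__ == "__main__":
    K = secrets.randbits(N) or 1          # K = 0 would make h_K identically zero
    msg = b"constructed sample message"   # constructed input
    tag = pmac(tem_input_mask_only, K, msg)
    print(hex(tag), verify(tem_input_mask_only, K, msg, tag))
```

Swapping `tem_masked` for `tem_input_mask_only` in `pmac` changes nothing structurally: in both variants the hash h_K(tw) is computed once per block and the only difference is whether it is XORed onto the permutation output as well, which is exactly the mask the title says can be dropped in the MAC setting.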
