改进的(E/D)WCDM安全边界

IF 1.7 Q3 COMPUTER SCIENCE, SOFTWARE ENGINEERING

IACR Transactions on Symmetric Cryptology Pub Date : 2021-12-03 DOI:10.46586/tosc.v2021.i4.138-176

N. Datta, Avijit Dutta, Kushankur Dutta

{"title":"改进的(E/D)WCDM安全边界","authors":"N. Datta, Avijit Dutta, Kushankur Dutta","doi":"10.46586/tosc.v2021.i4.138-176","DOIUrl":null,"url":null,"abstract":"In CRYPTO’16, Cogliati and Seurin proposed a block cipher based nonce based MAC, called Encrypted Wegman-Carter with Davies-Meyer (EWCDM), that gives 2n/3 bit MAC security in the nonce respecting setting and n/2 bit security in the nonce misuse setting, where n is the block size of the underlying block cipher. However, this construction requires two independent block cipher keys. In CRYPTO’18, Datta et al. came up with a single-keyed block cipher based nonce based MAC, called Decrypted Wegman-Carter with Davies-Meyer (DWCDM), that also provides 2n/3 bit MAC security in the nonce respecting setting and n/2 bit security in the nonce misuse setting. However, the drawback of DWCDM is that it takes only 2n/3 bit nonce. In fact, authors have shown that DWCDM cannot achieve beyond the birthday bound security with n bit nonces. In this paper, we prove that DWCDM with 3n/4 bit nonces provides MAC security up to O(23n/4) MAC queries against all nonce respecting adversaries. We also improve the MAC bound of EWCDM from 2n/3 bit to 3n/4 bit. The backbone of these two results is a refined treatment of extended mirror theory that systematically estimates the number of solutions to a system of bivariate affine equations and non-equations, which we apply on the security proofs of the constructions to achieve 3n/4 bit security.","PeriodicalId":37077,"journal":{"name":"IACR Transactions on Symmetric Cryptology","volume":"8 1","pages":"138-176"},"PeriodicalIF":1.7000,"publicationDate":"2021-12-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":"{\"title\":\"Improved Security Bound of (E/D)WCDM\",\"authors\":\"N. Datta, Avijit Dutta, Kushankur Dutta\",\"doi\":\"10.46586/tosc.v2021.i4.138-176\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In CRYPTO’16, Cogliati and Seurin proposed a block cipher based nonce based MAC, called Encrypted Wegman-Carter with Davies-Meyer (EWCDM), that gives 2n/3 bit MAC security in the nonce respecting setting and n/2 bit security in the nonce misuse setting, where n is the block size of the underlying block cipher. However, this construction requires two independent block cipher keys. In CRYPTO’18, Datta et al. came up with a single-keyed block cipher based nonce based MAC, called Decrypted Wegman-Carter with Davies-Meyer (DWCDM), that also provides 2n/3 bit MAC security in the nonce respecting setting and n/2 bit security in the nonce misuse setting. However, the drawback of DWCDM is that it takes only 2n/3 bit nonce. In fact, authors have shown that DWCDM cannot achieve beyond the birthday bound security with n bit nonces. In this paper, we prove that DWCDM with 3n/4 bit nonces provides MAC security up to O(23n/4) MAC queries against all nonce respecting adversaries. We also improve the MAC bound of EWCDM from 2n/3 bit to 3n/4 bit. The backbone of these two results is a refined treatment of extended mirror theory that systematically estimates the number of solutions to a system of bivariate affine equations and non-equations, which we apply on the security proofs of the constructions to achieve 3n/4 bit security.\",\"PeriodicalId\":37077,\"journal\":{\"name\":\"IACR Transactions on Symmetric Cryptology\",\"volume\":\"8 1\",\"pages\":\"138-176\"},\"PeriodicalIF\":1.7000,\"publicationDate\":\"2021-12-03\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"4\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"IACR Transactions on Symmetric Cryptology\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.46586/tosc.v2021.i4.138-176\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"COMPUTER SCIENCE, SOFTWARE ENGINEERING\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"IACR Transactions on Symmetric Cryptology","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.46586/tosc.v2021.i4.138-176","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, SOFTWARE ENGINEERING","Score":null,"Total":0}

引用次数: 4

摘要

在CRYPTO ' 16中，Cogliati和Seurin提出了一种基于nonce的分组密码MAC，称为Encrypted Wegman-Carter with Davies-Meyer (EWCDM)，它在nonce尊重设置下给出了2n/3位的MAC安全性，在nonce误用设置下给出了n/2位的安全性，其中n为底层分组密码的块大小。然而，这种构造需要两个独立的分组密码密钥。在CRYPTO ' 18中，Datta等人提出了一种基于nonce的单键分组密码MAC，称为Decrypted Wegman-Carter with Davies-Meyer (DWCDM)，它还在nonce尊重设置中提供2n/3位MAC安全性，在nonce误用设置中提供n/2位安全性。然而，DWCDM的缺点是它只需要2n/3比特的nonce。事实上，作者已经证明DWCDM不能实现超过n位随机数的生日界限安全性。在本文中，我们证明了具有3n/4位随机数的DWCDM对所有尊重随机数的对手提供高达O(23n/4)个MAC查询的MAC安全性。我们还将EWCDM的MAC界从2n/3位提高到3n/4位。这两个结果的主干是对扩展镜像理论的精细处理，该理论系统地估计了二元仿射方程和非方程系统的解的数量，我们将其应用于结构的安全性证明，以实现3n/4位安全性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Improved Security Bound of (E/D)WCDM

In CRYPTO’16, Cogliati and Seurin proposed a block cipher based nonce based MAC, called Encrypted Wegman-Carter with Davies-Meyer (EWCDM), that gives 2n/3 bit MAC security in the nonce respecting setting and n/2 bit security in the nonce misuse setting, where n is the block size of the underlying block cipher. However, this construction requires two independent block cipher keys. In CRYPTO’18, Datta et al. came up with a single-keyed block cipher based nonce based MAC, called Decrypted Wegman-Carter with Davies-Meyer (DWCDM), that also provides 2n/3 bit MAC security in the nonce respecting setting and n/2 bit security in the nonce misuse setting. However, the drawback of DWCDM is that it takes only 2n/3 bit nonce. In fact, authors have shown that DWCDM cannot achieve beyond the birthday bound security with n bit nonces. In this paper, we prove that DWCDM with 3n/4 bit nonces provides MAC security up to O(23n/4) MAC queries against all nonce respecting adversaries. We also improve the MAC bound of EWCDM from 2n/3 bit to 3n/4 bit. The backbone of these two results is a refined treatment of extended mirror theory that systematically estimates the number of solutions to a system of bivariate affine equations and non-equations, which we apply on the security proofs of the constructions to achieve 3n/4 bit security.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

IACR Transactions on Symmetric Cryptology Mathematics-Applied Mathematics

CiteScore

5.50

自引率

22.90%

发文量