
Multi-user BBB security of public permutations based MAC

Cryptography and Communications

Abstract

At CRYPTO 2019, Chen et al. showed a beyond-the-birthday-bound secure n-bit to n-bit PRF based on public random permutations. Following this work, Dutta and Nandi proposed a beyond-the-birthday-bound secure nonce-based MAC, \(\textsf {nEHtM}_{p}\), based on a public random permutation. In particular, they showed that \(\textsf {nEHtM}_{p}\) achieves tight 2n/3-bit security (with respect to the state size of the permutation) in the single-user setting, and that their proven bound degrades gracefully with the repetition of nonces. However, we point out that their security proof is not complete (although this does not invalidate their security claim). In this paper, we propose a minor variant of the \(\textsf {nEHtM}_{p}\) construction, called \(\textsf {nEHtM}^{*}_{p}\), and show that it achieves tight 2n/3-bit security in the multi-user setting. Moreover, the security bound of our construction also degrades gracefully with the repetition of nonces. Finally, we instantiate our construction with the PolyHash function to realize a concrete beyond-the-birthday-bound secure public permutation-based MAC, \(\textsf {nEHtM}_{p}^{+}\), in the multi-user setting.


Notes

  1. It has been stated [31] that the faulty nonce model is a weaker notion than multi-collision of nonces, a natural and popular metric for measuring nonce misuse.

  2. We would like to emphasize that repetition of a nonce between two different users is not considered a faulty nonce.

  3. For the sake of simplicity of the security bound, we choose \(\epsilon_{\textsf{axu}} = \epsilon_{\textsf{reg}} = \epsilon\).

  4. K denotes the tuple of user keys; yet the construction takes only a single key.

References

  1. Babai, L.: The Fourier transform and equations over finite abelian groups (lecture notes, version 1.3) (2002)

  2. Bellare, M., Bernstein, D.J., Tessaro, S.: Hash-function based PRFs: AMAC and its multi-user security. In: Fischlin, M., Coron, J.-S. (eds.) Advances in Cryptology - EUROCRYPT 2016 - 35th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Vienna, Austria, May 8-12, 2016, Proceedings, Part I, vol. 9665 of Lecture Notes in Computer Science, pp 566–595. Springer (2016)

  3. Bellare, M., Boldyreva, A., Micali, S.: Public-key encryption in a multi-user setting: Security proofs and improvements. In: Preneel, B. (ed.) Advances in Cryptology - EUROCRYPT 2000, International Conference on the Theory and Application of Cryptographic Techniques, Bruges, Belgium, May 14-18, 2000, Proceedings, vol. 1807 of Lecture Notes in Computer Science, pp 259–274. Springer (2000)

  4. Bellare, M., Desai, A., Jokipii, E., Rogaway, P.: A concrete security treatment of symmetric encryption. In: 38th Annual Symposium on Foundations of Computer Science, FOCS '97, Miami Beach, Florida, USA, October 19-22, 1997, pp 394–403. IEEE Computer Society (1997)

  5. Bellare, M., Tackmann, B.: The multi-user security of authenticated encryption: AES-GCM in TLS 1.3. In: Robshaw, M., Katz, J. (eds.) Advances in Cryptology - CRYPTO 2016 - 36th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 14-18, 2016, Proceedings, Part I, vol. 9814 of Lecture Notes in Computer Science, pp 247–276. Springer (2016)

  6. Bernstein, D.J., Kölbl, S., Lucks, S., Massolino, P.M.C., Mendel, F., Nawaz, K., Schneider, T., Schwabe, P., Standaert, F.-X., Todo, Y., Viguier, B.: Gimli: A cross-platform permutation. In: Cryptographic Hardware and Embedded Systems - CHES 2017 - 19th International Conference, Taipei, Taiwan, September 25-28, 2017, Proceedings, pp 299–320 (2017)

  7. Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Keccak. In: Advances in Cryptology - EUROCRYPT 2013, 32nd Annual International Conference on the Theory and Applications of Cryptographic Techniques, Athens, Greece, May 26-30, 2013, Proceedings, pp 313–314 (2013)

  8. Bertoni, G., Daemen, J., Peeters, M., Van Assche, G., Van Keer, R.: Farfalle: parallel permutation-based cryptography. IACR Cryptol. ePrint Arch. 2016, 1188 (2016)

  9. Bhattacharjee, A., Dutta, A., List, E., Nandi, M.: CENCPP - beyond-birthday-secure encryption from public permutations. IACR Cryptol. ePrint Arch. 2020, 602 (2020)

  10. Biham, E.: How to decrypt or even substitute DES-encrypted messages in \(2^{28}\) steps. Inf. Process. Lett. 84(3), 117–124 (2002)

  11. Biryukov, A., Mukhopadhyay, S., Sarkar, P.: Improved time-memory trade-offs with multiple data. In: Preneel, B., Tavares, S.E. (eds.) Selected Areas in Cryptography, 12th International Workshop, SAC 2005, Kingston, ON, Canada, August 11-12, 2005, Revised Selected Papers, vol. 3897 of Lecture Notes in Computer Science, pp 110–127. Springer (2005)

  12. Black, J., Rogaway, P.: A block-cipher mode of operation for parallelizable message authentication. In: Knudsen, L.R. (ed.) Advances in Cryptology - EUROCRYPT 2002, International Conference on the Theory and Applications of Cryptographic Techniques, Amsterdam, The Netherlands, April 28 - May 2, 2002, Proceedings, vol. 2332 of Lecture Notes in Computer Science, pp 384–397. Springer (2002)

  13. Böck, H., Zauner, A., Devlin, S., Somorovsky, J., Jovanovic, P.: Nonce-disrespecting adversaries: Practical forgery attacks on GCM in TLS. In: 10th USENIX Workshop on Offensive Technologies, WOOT 16, Austin, TX, USA, August 8-9, 2016 (2016)

  14. Bogdanov, A., Knezevic, M., Leander, G., Toz, D., Varici, K., Verbauwhede, I.: SPONGENT: the design space of lightweight cryptographic hashing. IEEE Trans. Comput. 62(10), 2041–2053 (2013)

  15. Bose, P., Hoang, V.T., Tessaro, S.: Revisiting AES-GCM-SIV: multi-user security, faster key derivation, and better bounds. In: Advances in Cryptology - EUROCRYPT 2018 - 37th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Tel Aviv, Israel, April 29 - May 3, 2018, Proceedings, Part I, pp 468–499 (2018)

  16. Chakraborti, A., Datta, N., Nandi, M., Yasuda, K.: Beetle family of lightweight and secure authenticated encryption ciphers. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2018(2), 218–241 (2018)

  17. Chakraborti, A., Nandi, M., Talnikar, S., Yasuda, K.: On the composition of single-keyed tweakable Even-Mansour for achieving BBB security. IACR Trans. Symmetric Cryptol. 2020(2), 1–39 (2020)

  18. Chakraborty, B., Jha, A., Nandi, M.: On the security of sponge-type authenticated encryption modes. IACR Trans. Symmetric Cryptol. 2020(2), 93–119 (2020)

  19. Chatterjee, S., Menezes, A., Sarkar, P.: Another look at tightness. In: Miri, A., Vaudenay, S. (eds.) Selected Areas in Cryptography - 18th International Workshop, SAC 2011, Toronto, ON, Canada, August 11-12, 2011, Revised Selected Papers, vol. 7118 of Lecture Notes in Computer Science, pp 293–319. Springer (2011)

  20. Chen, Y.L., Lambooij, E., Mennink, B.: How to build pseudorandom functions from public random permutations. In: Advances in Cryptology - CRYPTO 2019 - 39th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 18-22, 2019, Proceedings, Part I, pp 266–293 (2019)

  21. Choi, W., Lee, B., Lee, Y., Lee, J.: Improved security analysis for nonce-based enhanced hash-then-mask MACs. In: Moriai, S., Wang, H. (eds.) Advances in Cryptology - ASIACRYPT 2020 - 26th International Conference on the Theory and Application of Cryptology and Information Security, Daejeon, South Korea, December 7-11, 2020, Proceedings, Part I, vol. 12491 of Lecture Notes in Computer Science, pp 697–723. Springer (2020)

  22. Cogliati, B., Seurin, Y.: EWCDM: an efficient, beyond-birthday secure, nonce-misuse resistant MAC. In: Advances in Cryptology - CRYPTO 2016, Proceedings, Part I, pp 121–149 (2016)

  23. Cogliati, B., Seurin, Y.: Analysis of the single-permutation encrypted Davies-Meyer construction. Des. Codes Cryptogr. 86(12), 2703–2723 (2018)

  24. Daemen, J., Mennink, B., Van Assche, G.: Full-state keyed duplex with built-in multi-user support. In: Takagi, T., Peyrin, T. (eds.) Advances in Cryptology - ASIACRYPT 2017 - 23rd International Conference on the Theory and Applications of Cryptology and Information Security, Hong Kong, China, December 3-7, 2017, Proceedings, Part II, vol. 10625 of Lecture Notes in Computer Science, pp 606–637. Springer (2017)

  25. Datta, N., Dutta, A., Nandi, M., Paul, G.: Double-block hash-then-sum: A paradigm for constructing BBB secure PRF. IACR Trans. Symmetric Cryptol. 2018(3), 36–92 (2018)

  26. Datta, N., Dutta, A., Nandi, M., Yasuda, K.: Encrypt or decrypt? To make a single-key beyond birthday secure nonce-based MAC. In: Advances in Cryptology - CRYPTO 2018 - 38th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 19-23, 2018, Proceedings, Part I, pp 631–661 (2018)

  27. Datta, N., Dutta, A., Nandi, M., Yasuda, K.: Encrypt or decrypt? To make a single-key beyond birthday secure nonce-based MAC. Cryptology ePrint Archive, Report 2018/500 (2018)

  28. Datta, N., Dutta, A., Nandi, M., Yasuda, K.: DWCDM+: A BBB secure nonce based MAC. Adv. Math. Commun. 13(4), 705–732 (2019)

  29. Dutta, A., Jha, A., Nandi, M.: Tight security analysis of EHtM MAC. IACR Trans. Symmetric Cryptol. 2017(3), 130–150 (2017)

  30. Dutta, A., Nandi, M.: BBB secure nonce based MAC using public permutations. In: Nitaj, A., Youssef, A.M. (eds.) Progress in Cryptology - AFRICACRYPT 2020 - 12th International Conference on Cryptology in Africa, Cairo, Egypt, July 20-22, 2020, Proceedings, vol. 12174 of Lecture Notes in Computer Science, pp 172–191. Springer (2020)

  31. Dutta, A., Nandi, M., Talnikar, S.: Beyond birthday bound secure MAC in faulty nonce model. In: Advances in Cryptology - EUROCRYPT 2019 - 38th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Darmstadt, Germany, May 19-23, 2019, Proceedings, Part I, pp 437–466 (2019)

  32. Dutta, A., Nandi, M., Talnikar, S.: Permutation based EDM: An inverse free BBB secure PRF. Cryptology ePrint Archive, Report 2021/679 (2021)

  33. Even, S., Mansour, Y.: A construction of a cipher from a single pseudorandom permutation. J. Cryptol. 10(3), 151–162 (1997)

  34. Guo, J., Peyrin, T., Poschmann, A.: The PHOTON family of lightweight hash functions. In: Advances in Cryptology - CRYPTO 2011 - 31st Annual Cryptology Conference, Santa Barbara, CA, USA, August 14-18, 2011, Proceedings, pp 222–239 (2011)

  35. Hoang, V.T., Tessaro, S.: Key-alternating ciphers and key-length extension: Exact bounds and multi-user security. In: Advances in Cryptology - CRYPTO 2016 - 36th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 14-18, 2016, Proceedings, Part I, pp 3–32 (2016)

  36. Hoang, V.T., Tessaro, S.: The multi-user security of double encryption. In: Advances in Cryptology - EUROCRYPT 2017 - 36th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Paris, France, April 30 - May 4, 2017, Proceedings, Part II, pp 381–411 (2017)

  37. Luykx, A., Mennink, B., Paterson, K.G.: Analyzing multi-key security degradation. In: Takagi, T., Peyrin, T. (eds.) Advances in Cryptology - ASIACRYPT 2017 - 23rd International Conference on the Theory and Applications of Cryptology and Information Security, Hong Kong, China, December 3-7, 2017, Proceedings, Part II, vol. 10625 of Lecture Notes in Computer Science, pp 575–605. Springer (2017)

  38. Luykx, A., Preneel, B., Tischhauser, E., Yasuda, K.: A MAC mode for lightweight block ciphers. In: Fast Software Encryption - 23rd International Conference, FSE 2016, Bochum, Germany, March 20-23, 2016, Revised Selected Papers, pp 43–59 (2016)

  39. Minematsu, K.: How to thwart birthday attacks against MACs via small randomness. In: Fast Software Encryption, FSE 2010, pp 230–249 (2010)

  40. Minematsu, K., Iwata, T.: Building blockcipher from tweakable blockcipher: Extending FSE 2009 proposal. In: Cryptography and Coding - 13th IMA International Conference, IMACC 2011, Oxford, UK, December 12-15, 2011, Proceedings, pp 391–412 (2011)

  41. Morgan, A., Pass, R., Shi, E.: On the adaptive security of MACs and PRFs. In: Moriai, S., Wang, H. (eds.) Advances in Cryptology - ASIACRYPT 2020 - 26th International Conference on the Theory and Application of Cryptology and Information Security, Daejeon, South Korea, December 7-11, 2020, Proceedings, Part I, vol. 12491 of Lecture Notes in Computer Science, pp 724–753. Springer (2020)

  42. Mouha, N., Luykx, A.: Multi-key security: The Even-Mansour construction revisited. In: Gennaro, R., Robshaw, M. (eds.) Advances in Cryptology - CRYPTO 2015 - 35th Annual Cryptology Conference, Santa Barbara, CA, USA, August 16-20, 2015, Proceedings, Part I, vol. 9215 of Lecture Notes in Computer Science, pp 209–223. Springer (2015)

  43. Nandi, M.: Mind the composition: Birthday bound attacks on EWCDMD and SoKAC21. In: Canteaut, A., Ishai, Y. (eds.) Advances in Cryptology - EUROCRYPT 2020 - 39th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Zagreb, Croatia, May 10-14, 2020, Proceedings, Part I, vol. 12105 of Lecture Notes in Computer Science, pp 203–220. Springer (2020)

  44. Nandi, M., Mandal, A.: Improved security analysis of PMAC. J. Math. Cryptol. 2(2), 149–162 (2008)

  45. Patarin, J.: The "coefficients H" technique. In: Selected Areas in Cryptography, 15th International Workshop, SAC 2008, Sackville, New Brunswick, Canada, August 14-15, 2008, Revised Selected Papers, pp 328–345 (2008)

  46. Steinberger, J.P.: Counting solutions to additive equations in random sets. arXiv:1309.5582 (2013)

  47. Wegman, M.N., Carter, L.: New hash functions and their use in authentication and set equality. J. Comput. Syst. Sci. 22(3), 265–279 (1981)

  48. Shen, Y., Wang, L., Weng, J.: Revisiting the security of DbHtS MACs: Beyond-birthday-bound in the multi-user setting. Cryptology ePrint Archive, Report 2020/1523 (2020)


Author information


Correspondence to Avijit Dutta.


Supplementary Information

ESM 1

(PDF 298 KB)


Cite this article

Chen, Y.L., Dutta, A. & Nandi, M. Multi-user BBB security of public permutations based MAC. Cryptogr. Commun. 14, 1145–1177 (2022). https://doi.org/10.1007/s12095-022-00571-w
