Domain Extension for MACs Beyond the Birthday Barrier
نویسندگان
چکیده
Given an n-bit to n-bit MAC (e.g., a fixed key blockcipher) with MAC security ε against q queries, we design a variable-length MAC achieving MAC security O(εq poly(n)) against queries of total length qn. In particular, our construction is the first to break the “birthday barrier” for MAC domain extension from noncompressing primitives, since our security bound is meaningful even for q = 2/poly(n) (assuming ε is the best possible O(1/2)). In contrast, the previous best construction for MAC domain extension for n-bit to n-bit primitives, due to Dodis and Steinberger [11], achieved MAC security of O(εq(log q)), which means that q cannot cross the “birthday bound” of 2.
منابع مشابه
A Double-Piped Mode of Operation for MACs, PRFs and PROs: Security beyond the Birthday Barrier
We revisit the double-pipe construction introduced by Lucks at Asiacrypt 2005. Lucks originally studied the construction for iterated hash functions and showed that the approach is effective in improving security against various types of collision and (second-)preimage attacks. Instead, in this paper we apply the construction to the secret-key setting, where the underlying FIL (fixed-input-leng...
متن کاملA One-Pass Mode of Operation for Deterministic Message Authentication- Security beyond the Birthday Barrier
We present a novel mode of operation which iterates a compression function f : {0, 1} → {0, 1} meeting a condition b ≥ 2n. Our construction can be viewed as a way of domain extension, applicable to a fixed-input-length PRF (pseudo-random function) fk : {0, 1}b → {0, 1} meeting the condition b ≥ 2n, which yields an arbitrary-inputlength PRF Fk : {0, 1}∗ → {0, 1}. Our construction accomplishes bo...
متن کاملBlockcipher-based MACs: Beyond the Birthday Bound without Message Length
We present blockcipher-based MACs (Message Authentication Codes) that have beyond the birthday bound security without message length in the sense of PRF (Pseudo-Random Function) security. Achieving such security is important in constructing MACs using blockciphers with short block sizes (e.g., 64 bit). Luykx et al. (FSE 2016) proposed LightMAC, the first blockcipher-based MAC with such security...
متن کامل3kf9: Enhancing 3GPP-MAC beyond the Birthday Bound
Among various cryptographic schemes, CBC-based MACs belong to the few ones most widely used in practice. Such MACs iterate a blockcipher EK in the so called Cipher-Block-Chaining way, i.e. Ci = EK(Mi⊕Ci−1) , offering high efficiency in practical applications. In the paper, we propose a new deterministic variant of CBC-based MACs that is provably secure beyond the birthday bound. The new MAC 3kf...
متن کاملOne-key Double-Sum MAC with Beyond-Birthday Security
MACs (Message Authentication Codes) are widely adopted in communication systems to ensure data integrity and data origin authentication, e.g. CBC-MACs in the ISO standard 9797-1. However, all the current designs either suffer from birthday attacks or require long key sizes. In this paper, we focus on designing beyond-birthday-bound MAC modes with a single key, and investigate their design princ...
متن کامل