Improved security analysis of PMAC
Authors
Abstract
In this paper we provide a simple, concrete and improved security analysis of Parallelizable Message Authentication Code or PMAC. In particular, we show that the advantage of any distinguisher A at distinguishing PMAC from a random function is at most (5qσ − 3.5q)/2. Here, σ is the total number of message blocks in all q queries made by A and PMAC is based on a random permutation over {0, 1}. In the original paper of PMAC by Black and Rogaway in Eurocrypt-2002, the bound was shown to be (σ + 1)^2/2^(n−1). In FSE-2007, Minematsu and Matsushima provided a bound 5ℓq/(2 − 2ℓ), where ℓ is the number of blocks of the longest query made by the distinguisher. Our proposed bound is sharper than these two previous bounds.
Related resources
Improved security analysis of OMAC
We present an improved security analysis of OMAC, a construction that is widely used as a candidate of MAC or Pseudo Random Function (or PRF). In this direction, the first result was given in Crypto05 where an improved security analysis of CBC (for fixed length or for arbitrary length prefix-free messages) had been provided. Followed by this work, improved bounds for XCBC, TMAC and PMAC were found. The...
Another Look at PMAC
We can view an existing Message Authentication Code (MAC) as a Carter-Wegman MAC in spite of the fact it may not have been designed as one. This will make the analysis easier than it has been when considered from other viewpoints. In this paper, we can look at PMAC with two keys as a Carter-Wegman MAC and get a simple security proof for it. Using this viewpoint to look at PMAC, we will learn not o...
On the Influence of Message Length in PMAC's Security Bounds
Many MAC (Message Authentication Code) algorithms have security bounds which degrade linearly with the message length. Often there are attacks that confirm the linear dependence on the message length, yet PMAC has remained without attacks. Our results show that PMAC’s message length dependence in security bounds is non-trivial. We start by studying a generalization of PMAC in order to focus on ...
The Exact Security of PMAC
PMAC is a simple and parallel block-cipher mode of operation, which was introduced by Black and Rogaway at Eurocrypt 2002. If instantiated with a (pseudo)random permutation over n-bit strings, PMAC constitutes a provably secure variable input-length (pseudo)random function. For adversaries making q queries, each of length at most ℓ (in n-bit blocks), and of total length σ ≤ qℓ, the original pap...
A New Variant of PMAC: Beyond the Birthday Bound
We propose a PMAC-type mode of operation that can be used as a highly secure MAC (Message Authentication Code) or PRF (Pseudo-Random Function). Our scheme is based on the assumption that the underlying n-bit blockcipher is a pseudo-random permutation. Our construction, which we call PMAC Plus, involves extensive modification to PMAC, requiring three blockcipher keys. The PMAC Plus algorithm is ...
Journal title:
- J. Mathematical Cryptology
Volume 2, Issue
Pages -
Publication date 2007