Improved Security Bound of (E/D)WCDM

Improved Security Bound of (E/D)WCDM

In CRYPTO’16, Cogliati and Seurin proposed a block cipher based nonce based MAC, called Encrypted Wegman-Carter with Davies-Meyer (EWCDM), that gives 2n/3 bit MAC security in the nonce respecting setting and n/2 bit security in the nonce misuse setting, where n is the block size of the underlying b...

Descripción completa

Guardado en:
Detalles Bibliográficos
Autores principales: Nilanjan Datta, Avijit Dutta, Kushankur Dutta
Formato: article
Lenguaje:EN
Publicado: Ruhr-Universität Bochum 2021
Materias:
Wegman Carter
Extended Mirror Theory
Nonce Based MAC
EWCDM
DWCDM
Computer engineering. Computer hardware
TK7885-7895
Acceso en línea:https://doaj.org/article/f72e42b4173c42ecb7412ac4ef65fc1a
Etiquetas: Agregar Etiqueta
Sin Etiquetas, Sea el primero en etiquetar este registro!
id oai:doaj.org-article:f72e42b4173c42ecb7412ac4ef65fc1a
record_format dspace
spelling oai:doaj.org-article:f72e42b4173c42ecb7412ac4ef65fc1a2021-12-03T14:38:29ZImproved Security Bound of (E/D)WCDM10.46586/tosc.v2021.i4.138-1762519-173Xhttps://doaj.org/article/f72e42b4173c42ecb7412ac4ef65fc1a2021-12-01T00:00:00Zhttps://tosc.iacr.org/index.php/ToSC/article/view/9332https://doaj.org/toc/2519-173X In CRYPTO’16, Cogliati and Seurin proposed a block cipher based nonce based MAC, called Encrypted Wegman-Carter with Davies-Meyer (EWCDM), that gives 2n/3 bit MAC security in the nonce respecting setting and n/2 bit security in the nonce misuse setting, where n is the block size of the underlying block cipher. However, this construction requires two independent block cipher keys. In CRYPTO’18, Datta et al. came up with a single-keyed block cipher based nonce based MAC, called Decrypted Wegman-Carter with Davies-Meyer (DWCDM), that also provides 2n/3 bit MAC security in the nonce respecting setting and n/2 bit security in the nonce misuse setting. However, the drawback of DWCDM is that it takes only 2n/3 bit nonce. In fact, authors have shown that DWCDM cannot achieve beyond the birthday bound security with n bit nonces. In this paper, we prove that DWCDM with 3n/4 bit nonces provides MAC security up to O(23n/4) MAC queries against all nonce respecting adversaries. We also improve the MAC bound of EWCDM from 2n/3 bit to 3n/4 bit. The backbone of these two results is a refined treatment of extended mirror theory that systematically estimates the number of solutions to a system of bivariate affine equations and non-equations, which we apply on the security proofs of the constructions to achieve 3n/4 bit security. Nilanjan DattaAvijit DuttaKushankur DuttaRuhr-Universität BochumarticleWegman CarterExtended Mirror TheoryNonce Based MACEWCDMDWCDMComputer engineering. Computer hardwareTK7885-7895ENIACR Transactions on Symmetric Cryptology, Vol 2021, Iss 4 (2021)
institution DOAJ
collection DOAJ
language EN
topic Wegman Carter
Extended Mirror Theory
Nonce Based MAC
EWCDM
DWCDM
Computer engineering. Computer hardware
TK7885-7895
spellingShingle Wegman Carter
Extended Mirror Theory
Nonce Based MAC
EWCDM
DWCDM
Computer engineering. Computer hardware
TK7885-7895
Nilanjan Datta
Avijit Dutta
Kushankur Dutta
Improved Security Bound of (E/D)WCDM
description In CRYPTO’16, Cogliati and Seurin proposed a block cipher based nonce based MAC, called Encrypted Wegman-Carter with Davies-Meyer (EWCDM), that gives 2n/3 bit MAC security in the nonce respecting setting and n/2 bit security in the nonce misuse setting, where n is the block size of the underlying block cipher. However, this construction requires two independent block cipher keys. In CRYPTO’18, Datta et al. came up with a single-keyed block cipher based nonce based MAC, called Decrypted Wegman-Carter with Davies-Meyer (DWCDM), that also provides 2n/3 bit MAC security in the nonce respecting setting and n/2 bit security in the nonce misuse setting. However, the drawback of DWCDM is that it takes only 2n/3 bit nonce. In fact, authors have shown that DWCDM cannot achieve beyond the birthday bound security with n bit nonces. In this paper, we prove that DWCDM with 3n/4 bit nonces provides MAC security up to O(23n/4) MAC queries against all nonce respecting adversaries. We also improve the MAC bound of EWCDM from 2n/3 bit to 3n/4 bit. The backbone of these two results is a refined treatment of extended mirror theory that systematically estimates the number of solutions to a system of bivariate affine equations and non-equations, which we apply on the security proofs of the constructions to achieve 3n/4 bit security.
format article
author Nilanjan Datta
Avijit Dutta
Kushankur Dutta
author_facet Nilanjan Datta
Avijit Dutta
Kushankur Dutta
author_sort Nilanjan Datta
title Improved Security Bound of (E/D)WCDM
title_short Improved Security Bound of (E/D)WCDM
title_full Improved Security Bound of (E/D)WCDM
title_fullStr Improved Security Bound of (E/D)WCDM
title_full_unstemmed Improved Security Bound of (E/D)WCDM
title_sort improved security bound of (e/d)wcdm
publisher Ruhr-Universität Bochum
publishDate 2021
url https://doaj.org/article/f72e42b4173c42ecb7412ac4ef65fc1a
work_keys_str_mv AT nilanjandatta improvedsecurityboundofedwcdm
AT avijitdutta improvedsecurityboundofedwcdm
AT kushankurdutta improvedsecurityboundofedwcdm
_version_ 1718373184365920256

Ejemplares similares