[Resource Topic] 2017/220: Cryptanalysis of PMACx, PMAC2x, and SIVx

Welcome to the resource topic for 2017/220

Cryptanalysis of PMACx, PMAC2x, and SIVx

Authors: Kazuhiko Minematsu, Tetsu Iwata


At CT-RSA 2017, List and Nandi proposed two variable input length pseudorandom functions (VI-PRFs) called PMACx and PMAC2x, and a deterministic authenticated encryption scheme called SIVx. These schemes use a tweakable block cipher (TBC) as the underlying primitive, and are provably secure up to the query complexity of 2^n, where n denotes the block length of the TBC. In this paper, we falsify the provable security claims by presenting concrete attacks. We show that with the query complexity of O(2^{n/2}), i.e., with the birthday complexity, PMACx, PMAC2x, and SIVx are all insecure.

ePrint: https://eprint.iacr.org/2017/220

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .