[Resource Topic] 2020/1145: Improved Security Analysis for Nonce-based Enhanced Hash-then-Mask MACs

Welcome to the resource topic for 2020/1145

Title:
Improved Security Analysis for Nonce-based Enhanced Hash-then-Mask MACs

Authors: Wonseok Choi, Byeonghak Lee, Yeongmin Lee, Jooyoung Lee

Abstract:

In this paper, we prove that the nonce-based enhanced hash-then-mask MAC ($\mathsf{nEHtM}$) is secure up to $2^{\frac{3n}{4}}$ MAC queries and $2^n$ verification queries (ignoring logarithmic factors) as long as the number of faulty queries $\mu$ is below $2^{\frac{3n}{8}}$, significantly improving the previous bound by Dutta et al. Even when $\mu$ goes beyond $2^{\frac{3n}{8}}$, $\mathsf{nEHtM}$ enjoys graceful degradation of security. The second result is to prove the security of PRF-based $\mathsf{nEHtM}$; when $\mathsf{nEHtM}$ is based on an $n$-to-$s$ bit random function for a fixed size $s$ such that $1\leq s\leq n$, it is proved to be secure up to any number of MAC queries and $2^s$ verification queries, if (1) $s=n$ and $\mu<2^{\frac{n}{2}}$ or (2) $\frac{n}{2}<s<2^{n-s}$ and $\mu<\max\{2^{\frac{s}{2}},2^{n-s}\}$, or (3) $s\leq \frac{n}{2}$ and $\mu<2^{\frac{n}{2}}$. This result leads to the security proof of truncated $\mathsf{nEHtM}$ that returns only $s$ bits of the original tag since a truncated permutation can be seen as a pseudorandom function. In particular, when $s\leq\frac{2n}{3}$, the truncated $\mathsf{nEHtM}$ is secure up to $2^{n-\frac{s}{2}}$ MAC queries and $2^s$ verification queries as long as $\mu<\min\{2^{\frac{n}{2}},2^{n-s}\}$. For example, when $s=\frac{n}{2}$ (resp. $s=\frac{n}{4}$), the truncated $\mathsf{nEHtM}$ is secure up to $2^{\frac{3n}{4}}$ (resp. $2^{\frac{7n}{8}}$) MAC queries. So truncation might provide better provable security than the original $\mathsf{nEHtM}$ with respect to the number of MAC queries.

ePrint: https://eprint.iacr.org/2020/1145

Talk: https://www.youtube.com/watch?v=F2gnZV7nIzc

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics.