Welcome to the resource topic for 2020/656
Title:
On Length Independent Security Bounds for the PMAC Family
Authors: Bishwajit Chakraborty, Soumya Chattopadhyay, Ashwin Jha, Mridul Nandi
Abstract:At FSE 2017, Gaži et al. demonstrated a pseudorandom function (PRF) distinguisher (Gaži et al., ToSC 2016(2)) on PMAC with \Omega(\ell q^2/2^n) advantage, where q , \ell , and n , denote the number of queries, maximum permissible query length (in terms of n -bit blocks), and block size of the underlying block cipher. This, in combination with the upper bounds of O(\ell q^2/2^n) (Minematsu and Matsushima, FSE 2007) and O(q\sigma/2^n) (Nandi and Mandal, J. Mathematical Cryptology 2008(2)), resolved the long-standing problem of exact security of PMAC. Gaži et al. also showed that the dependency on \ell can be dropped (i.e. O(q^2/2^n) bound up to \ell \leq 2^{n/2} ) for a simplified version of PMAC, called sPMAC, by replacing the Gray code-based masking in PMAC with any 4 -wise independent universal hash-based masking. Recently, Naito proposed another variant of PMAC with two powering-up maskings (Naito, ToSC 2019(2)) that achieves \ell -free bound of O(q^2/2^n) , provided \ell \leq 2^{n/2} . In this work, we first identify a flaw in the analysis of Naito’s PMAC variant that invalidates the security proof. Apparently, the flaw is not easy to fix under the existing proof setup. We then formulate an equivalent problem which must be solved in order to achieve \ell -free security bounds for this variant. Second, we show that sPMAC achieves O(q^2/2^n) bound for a weaker notion of universality as compared to the earlier condition of 4 -wise independence.
ePrint: https://eprint.iacr.org/2020/656
See all topics related to this paper.
Feel free to post resources that are related to this paper below.
Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.
For more information, see the rules for Resource Topics .