[Resource Topic] 2024/731: Tight Security of Double-Block Nonce-Based MACs

Welcome to the resource topic for 2024/731

Title:
Tight Security of Double-Block Nonce-Based MACs

Authors: Wonseok Choi, Jooyoung Lee, Yeongmin Lee

Abstract:

In this paper, we study the security of MAC constructions among those classified by Chen et al. in ASIACRYPT '21. Precisely, F^{\text{EDM}}_{B_2} (or \mathsf{EWCDM} as named by Cogliati and Seurin in CRYPTO '16), F^{\text{EDM}}_{B_3}, F^{\text{SoP}}_{B_2}, F^{\text{SoP}}_{B_3} (all as named by Chen et al.) are proved to be fully secure up to 2^n MAC queries in the nonce-respecting setting, improving the previous bound of \frac{3n}{4}-bit security. In particular, F^{\text{SoP}}_{B_2} and F^{\text{SoP}}_{B_3} enjoy graceful degradation as the number of queries with repeated nonces grows (when the underlying universal hash function satisfies a certain property called multi-xor-collision resistance). To do this, we develop a new tool, namely extended Mirror theory based on two independent permutations to a wide range of \xi_{\max} including inequalities. Furthermore, we give a generic semi-black-box reduction from single-user security bound in the standard model to multi-user security bound in the ideal cipher model, yielding significantly better bounds than the naive hybrid argument. This reduction is applicable to all MAC construction we considered in this paper and even can be more generalized.
We also present matching attacks on F^{\text{EDM}}_{B_4} and F^{\text{EDM}}_{B_5} using O(2^{3n/4}) MAC queries and O(1) verification query without using repeated nonces.

ePrint: https://eprint.iacr.org/2024/731

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .