Welcome to the resource topic for 2025/1127
Title:
KIVR: Committing Authenticated Encryption Using Redundancy and Application to GCM, CCM, and More
Authors: Yusuke Naito, Yu Sasaki, Takeshi Sugawara
Abstract:Constructing a committing authenticated encryption (AE)
satisfying the CMT-4 security notion is an ongoing research challenge.
We propose a new mode KIVR, a black-box conversion for adding the
CMT-4 security to existing AEs. KIVR is a generalization of the Hash-
then-Enc (HtE) [Bellare and Hoang, EUROCRYPT 2022] and uses a
collision-resistant hash function to generate an initial value (or nonce)
and a mask for redundant bits, in addition to a temporary key. We ob-
tain a general bound r/2 + tag-col with r-bit redundancy for a large class
of CTR-based AEs, where tag-col is the security against tag-collision at-
tacks. Unlike HtE, the security of KIVR linearly increases with r, achiev-
ing beyond-birthday-bound security. With a t-bit tag, tag-col lies 0 ≤
tag-col ≤ t/2 depending on the target AE. We set tag-col = 0 for GCM,
GCM-SIV, and CCM, and the corresponding bound r/2 is tight for GCM
and GCM-SIV. With CTR-HMAC, tag-col = t/2, and the bound (r + t)/2
is tight.
ePrint: https://eprint.iacr.org/2025/1127
See all topics related to this paper.
Feel free to post resources that are related to this paper below.
Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.
For more information, see the rules for Resource Topics .