Welcome to the resource topic for 2025/2038
Title:
Breaking and Fixing MacaKey
Authors: Bishwajit Chakraborty, Chandranan Dhar
Abstract: The sponge construction underpins many modern symmetric primitives, enabling efficient hashing and authenticated encryption. While full-state absorption is known to be secure in keyed sponges, the security of full-state squeezing has remained unclear. Recently, Lefevre and Marhuenda-Beltrán introduced \textsf{MacaKey}, claiming provable security even when both phases operate over the full state. In this work, we revisit this claim and show that \textsf{MacaKey} is insecure. A simple four-query distinguishing attack violates its claimed bound, exploiting the exposure of the full internal state and the resulting loss of secrecy in the capacity portion during squeezing. We then propose two simple yet effective fixes that restore security with negligible overhead. The first, \textsf{pMacaKey}, introduces an additional permutation between the absorption and squeezing phases to re-randomize the internal state. The second, \textsf{KeyMacaKey}, achieves a similar effect by incorporating a keyed finalization step without requiring an extra permutation call. We formally prove the security of \textsf{pMacaKey} in the random permutation model and conjecture that \textsf{KeyMacaKey} achieves comparable bounds. Both variants retain the full-state efficiency of \textsf{MacaKey} while ensuring strong, provable security guarantees.
ePrint: https://eprint.iacr.org/2025/2038
See all topics related to this paper.
Feel free to post resources that are related to this paper below.
Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.
For more information, see the rules for Resource Topics.