(2021) On Length Independent Security Bounds for the PMAC Family.

Abstract
At FSE 2017, Gaži et al. demonstrated a pseudorandom function (PRF) distinguisher (Gaži et al., ToSC 2016(2)) on PMAC with $\Omega(\ell q^2/2^n)$ advantage, where $q$, $\ell$, and $n$ denote the number of queries, the maximum permissible query length (in $n$-bit blocks), and the block size of the underlying block cipher. This, in combination with the upper bounds of $O(\ell q^2/2^n)$ (Minematsu and Matsushima, FSE 2007) and $O(q\sigma/2^n)$ (Nandi and Mandal, J. Mathematical Cryptology 2008(2)), resolved the longstanding problem of the exact security of PMAC. Gaži et al. also showed that the dependency on $\ell$ can be dropped (i.e. an $O(q^2/2^n)$ bound up to $\ell \leq 2^{n/2}$) for a simplified version of PMAC, called sPMAC, by replacing the Gray code-based masking in PMAC with any $4$-wise independent universal hash-based masking. Recently, Naito proposed another variant of PMAC with two powering-up maskings (Naito, ToSC 2019(2)) that achieves an $\ell$-free bound of $O(q^2/2^n)$, provided $\ell \leq 2^{n/2}$. In this work, we first identify a flaw in the analysis of Naito's PMAC variant that invalidates the security proof. Apparently, the flaw is not easy to fix under the existing proof setup. We then formulate an equivalent problem which must be solved in order to achieve $\ell$-free security bounds for this variant. Second, we show that sPMAC achieves an $O(q^2/2^n)$ bound for a weaker notion of universality than the earlier condition of $4$-wise independence. Third, we analyze the security of PMAC1 (a popular variant of PMAC) with a simple modification in the linear combination of block cipher outputs. We show that this simple modification of PMAC1 has tight security $O(q^2/2^n)$ provided $\ell \leq 2^{n/4}$. Even if $\ell > 2^{n/4}$, we still achieve the same tight bound as long as the total number of blocks in all queries is less than $2^{2n/3}$.
Item Type:  Article 

Divisions: Benoît-Michel Cogliati (BC)
Depositing User:  Ashwin Jha 
Date Deposited:  14 Jul 2021 09:45 
Last Modified:  14 Jul 2021 09:45 
Primary Research Area:  NRA1: Trustworthy Information Processing 
URI:  https://publications.cispa.saarland/id/eprint/3444 