## CryptoDB

### Paper: Improving upon HCTR and matching attacks for Hash-Counter-Hash approach

Authors: Mridul Nandi URL: http://eprint.iacr.org/2008/090 Search ePrint Search Google McGrew and Fluhrer first proposed hash-counter-hash approach to encrypt arbitrary length messages. By its nature, counter can handle incomplete message blocks as well as complete message blocks in the same manner. HCTR is the till date best (in terms of efficiency) strong pseudo random permutation or SPRP among all known counter based SPRPs. But as of now, a cubic bound for HCTR is known. Moreover, all invocations of underlying block ciphers can not be made in parallel. Our new proposal (we call it HMC or Hash Modified Counter) provides a quadratic security bound and all block cipher invocations are parallel in nature even if we have an incomplete message block. We also present a prp-distinguishing attack on a generic counter based encryption, which makes $q$ non-adaptive encryption queries consisting of $(\ell+1)$ $n$-bit blocks and has success probability roughly $\ell^2q^2/2^n$. Loosely speaking, the success probability matches with the upper bound of distinguishing probability. As a result, we prove that the known quadratic bounds for XCB, HCH and HMC are tight.
##### BibTeX
@misc{eprint-2008-17767,
title={Improving upon HCTR and matching attacks for Hash-Counter-Hash approach},
booktitle={IACR Eprint archive},
keywords={secret-key cryptography /},
url={http://eprint.iacr.org/2008/090},
note={ mridul.nandi@gmail.com 13937 received 28 Feb 2008},
author={Mridul Nandi},
year=2008
}