International Association for Cryptologic Research

International Association
for Cryptologic Research


Single Key Variant of PMAC_Plus

Nilanjan Datta , Indian Institute of Technology, Kharagpur
Avijit Dutta , Indian Statistical Institute, Kolkata
Mridul Nandi , Indian Statistical Institute, Kolkata
Goutam Paul , Indian Statistical Institute, Kolkata
Liting Zhang , Westone Cryptologic Research Center, Beijing
DOI: 10.13154/tosc.v2017.i4.268-305
Search ePrint
Search Google
Abstract: At CRYPTO 2011, Yasuda proposed the PMAC_Plus message authentication code based on an n-bit block cipher. Its design principle inherits the well known PMAC parallel network with a low additional cost. PMAC_Plus is a rate-1 construction like PMAC (i.e., one block cipher call per n-bit message block) but provides security against all adversaries (under black-box model) making queries altogether consisting of roughly upto 22n/3 blocks (strings of n-bits). Even though PMAC_Plus gives higher security than the standard birthday bound security, with currently available best bound, it provides weaker security than PMAC for certain choices of adversaries. Moreover, unlike PMAC, PMAC_Plus operates with three independent block cipher keys. In this paper, we propose 1k-PMAC_Plus, the first rate-1 single keyed block cipher based BBB (Beyond Birthday Bound) secure (in standard model) deterministic MAC construction without arbitrary field multiplications. 1k-PMAC_Plus, as the name implies, is a simple one-key variant of PMAC_Plus. In addition to the key reduction, we obtain a higher security guarantee than what was proved originally for PMAC_Plus, thus an improvement in two directions.
  title={Single Key Variant of PMAC_Plus},
  journal={IACR Trans. Symmetric Cryptol.},
  publisher={Ruhr-Universit├Ąt Bochum},
  volume={2017, Issue 4},
  author={Nilanjan Datta and Avijit Dutta and Mridul Nandi and Goutam Paul and Liting Zhang},