Cryptanalysis of PMACx, PMAC2x, and SIVx

CryptoDB

Cryptanalysis of PMACx, PMAC2x, and SIVx

Authors:	Kazuhiko Minematsu , NEC Corporation, Kawasaki Tetsu Iwata , Nagoya University
Download:	DOI: 10.13154/tosc.v2017.i2.162-176 URL: https://tosc.iacr.org/index.php/ToSC/article/view/642 Search ePrint Search Google
Abstract:	At CT-RSA 2017, List and Nandi proposed two variable input length pseudorandom functions (VI-PRFs) called PMACx and PMAC2x, and a deterministic authenticated encryption scheme called SIVx. These schemes use a tweakable block cipher (TBC) as the underlying primitive, and are provably secure up to the query complexity of 2n, where n denotes the block length of the TBC. In this paper, we falsify the provable security claims by presenting concrete attacks. We show that with the query complexity of O(2n/2), i.e., with the birthday complexity, PMACx, PMAC2x, and SIVx are all insecure.

BibTeX

@article{tosc-2017-28486,
  title={Cryptanalysis of PMACx, PMAC2x, and SIVx},
  journal={IACR Trans. Symmetric Cryptol.},
  publisher={Ruhr-Universität Bochum},
  volume={2017, Issue 2},
  pages={162-176},
  url={https://tosc.iacr.org/index.php/ToSC/article/view/642},
  doi={10.13154/tosc.v2017.i2.162-176},
  author={Kazuhiko Minematsu and Tetsu Iwata},
  year=2017
}

International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Cryptanalysis of PMACx, PMAC2x, and SIVx

BibTeX

International Association for Cryptologic Research

International Associationfor Cryptologic Research

CryptoDB

Cryptanalysis of PMACx, PMAC2x, and SIVx

BibTeX

International Association
for Cryptologic Research