International Association for Cryptologic Research



Paper: DoveMAC: A TBC-based PRF with Smaller State, Full Security, and High Rate

Tony Grochow, Bauhaus-Universität Weimar, Weimar, Germany
Eik List, Bauhaus-Universität Weimar, Weimar, Germany
Mridul Nandi, Indian Statistical Institute, Kolkata, India
DOI: 10.13154/tosc.v2019.i3.43-80
Abstract: Recent parallelizable message authentication codes (MACs) have demonstrated the benefit of tweakable block ciphers (TBCs) for authentication with high security guarantees. With ZMAC, Iwata et al. extended this line of research by showing that TBCs can simultaneously increase the number of message bits that are processed per primitive call. However, ZMAC and previous TBC-based MACs needed more memory than sequential constructions. While this aspect is less of an issue on desktop processors, it can be unfavorable on resource-constrained platforms. In contrast, existing sequential MACs limit the number of message bits to the block length of the primitive n or below. This work proposes DoveMAC, a TBC-based PRF that reduces the memory of ZMAC-based MACs to 2n+2t+2k bits, where n is the state size, t the tweak length, and k the key length of the underlying primitive. DoveMAC provides (n+min(n+t))/2 bits of security, and processes n+t bits per primitive call. Our construction is the first sequential MAC that combines beyond-birthday-bound security with a rate above n bits per call. By reserving a single tweak bit for domain separation, we derive a single-key variant DoveMAC1k.
Video from TOSC 2019
  title={DoveMAC: A TBC-based PRF with Smaller State, Full Security, and High Rate},
  journal={IACR Transactions on Symmetric Cryptology},
  publisher={Ruhr-Universität Bochum},
  volume={2019, Issue 3},
  author={Tony Grochow and Eik List and Mridul Nandi},