International Association for Cryptologic Research

Tight Security Bounds for Double-block Hash-then-Sum MACs

Seongkwang Kim, KAIST, Daejeon, Korea
Byeonghak Lee, KAIST, Daejeon, Korea
Jooyoung Lee, KAIST, Daejeon, Korea
DOI: 10.1007/978-3-030-45721-1_16 (login may be required)
Conference: EUROCRYPT 2020
Abstract: In this work, we study the security of deterministic MAC constructions with a double-block internal state, captured by the double-block hash-then-sum (DBH) paradigm. Most DBH constructions, including PolyMAC, SUM-ECBC, PMAC-Plus, 3kf9 and LightMAC-Plus, have been proved to be pseudorandom up to 2^{2n/3} queries when they are instantiated with an n-bit block cipher, while the best known generic attacks require 2^{3n/4} queries. We close this gap by proving the PRF-security of DBH constructions up to 2^{3n/4} queries (ignoring the maximum message length). The core of the security proof is to refine Mirror theory that systematically estimates the number of solutions to a system of equations and non-equations, and apply it to prove the security of the finalization function. Then we identify security requirements of the internal hash functions to ensure 3n/4-bit security of the resulting constructions when combined with the finalization function. Within this framework, we prove the security of DBH whose internal hash function is given as the concatenation of a universal hash function using two independent keys. This class of constructions includes PolyMAC and SUM-ECBC. Moreover, we prove the security of PMAC-Plus, 3kf9 and LightMAC-Plus up to 2^{3n/4} queries.
  title={Tight Security Bounds for Double-block Hash-then-Sum MACs},
  booktitle={39th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Zagreb, Croatia, May 10–14, 2020, Proceedings},
  series={Lecture Notes in Computer Science},
  keywords={message authentication codes;beyond-birthday-bound security;pseudorandom functions;mirror theory},
  author={Seongkwang Kim and Byeonghak Lee and Jooyoung Lee},