International Association for Cryptologic Research


CryptoDB

On the Number of Restricted Solutions to Constrained Systems and their Applications

Authors:
Benoît Cogliati, Thales DIS France SAS, Meudon, France
Ashwin Jha, Ruhr University Bochum, Bochum, Germany
Jordan Naccache, University of Luxembourg, Esch-sur-Alzette, Luxembourg
Mridul Nandi, Indian Statistical Institute, Kolkata, India
Abishanka Saha, Eindhoven University of Technology, Eindhoven, The Netherlands
Conference: ASIACRYPT 2025
Abstract: In this paper, we define a special class of systems of linear equations over finite fields that arise in the security analysis of various MAC and PRF modes. We establish lower bounds on the number of solutions for these systems under specific restrictions and use them to derive tight PRF security for several constructions. Specifically, we prove security up to $O(2^{3n/4})$ queries for the single-keyed variant of the Double-block Hash-then-Sum (DBHtS) construction, called 1k-DBHtS, assuming appropriate hash function properties. We show that the single-keyed variants of PMAC+ and LightMAC+, called 1k-PMAC+ and 1k-LightMAC+, satisfy these properties, achieving security up to $O(2^{3n/4})$ queries. Additionally, we show that the sum of $r$ independent Even-Mansour ciphers is secure up to $O(2^{\frac{r}{r+1}n})$ queries.
BibTeX
@inproceedings{asiacrypt-2025-36148,
  title={On the Number of Restricted Solutions to Constrained Systems and their Applications},
  publisher={Springer-Verlag},
  author={Benoît Cogliati and Ashwin Jha and Jordan Naccache and Mridul Nandi and Abishanka Saha},
  year=2025
}