Categorization of Faulty Nonce Misuse Resistant Message Authentication


Ontology type: schema:Chapter     


Chapter Info

DATE

2021-12-01

AUTHORS

Yu Long Chen , Bart Mennink , Bart Preneel

ABSTRACT

A growing number of lightweight block ciphers are proposed for environments such as the Internet of Things. An important contribution to the reduced implementation cost is a block length n of 64 or 96 bits rather than 128 bits. As a consequence, encryption modes and message authentication code (MAC) algorithms require security beyond the $2^{n/2}$ birthday bound. This paper provides an extensive treatment of MAC algorithms that offer beyond birthday bound PRF security for both nonce-respecting and nonce-misusing adversaries. We study constructions that use two block cipher calls, one universal hash function call and an arbitrary number of XOR operations. We start with the separate problem of generically identifying all possible secure n-to-n-bit pseudorandom functions (PRFs) based on two block cipher calls. The analysis shows that the existing constructions EDM, SoP, and EDMD are the only constructions of this kind that achieve beyond birthday bound security. Subsequently we deliver an exhaustive treatment of MAC algorithms, where the outcome of a universal hash function evaluation on the message may be entered at any point in the computation of the PRF.
We conclude that there are a total of nine schemes that achieve beyond birthday bound security, and a tenth construction that cannot be proven secure using currently known proof techniques. For these nine MAC algorithms, three constructions achieve optimal n-bit security in the nonce-respecting setting, but are completely insecure if the nonce is reused. The remaining six constructions have 3n/4-bit security in the nonce-respecting setting, and only four out of these six constructions still achieve beyond birthday bound security in the case of nonce misuse.
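The three two-call PRF constructions named in the abstract, EDM, SoP and EDMD, together with the birthday-bound distinguisher that motivates them, as an added Python example; this is not code from the paper or its authors. The block builds a constructed 16-bit toy block cipher (a Feistel network with a SHA-256 round function) so that the 2^{n/2} region is reachable in well under a second; the keys, the query budget and all function names are assumptions for the illustration, not anything the paper specifies. The point it shows: a single block cipher call used as a PRF is a permutation, so its outputs never collide over distinct inputs, and that absence of collisions distinguishes it from a random function once the adversary has made about 2^{n/2} queries, whereas EDM, SoP and EDMD do produce output collisions at roughly the rate a random function would.

```python
import hashlib
from collections import Counter

# Constructed toy parameters (not from the paper): a 16-bit block, so the
# 2^(n/2) = 2^8 birthday region is cheap to pass in pure Python.
N_BITS = 16
HALF = N_BITS // 2
HALF_MASK = (1 << HALF) - 1
ROUNDS = 8


def _round_fn(key: bytes, rnd: int, x: int) -> int:
    """Keyed 8-bit round function derived from SHA-256 (toy, for illustration only)."""
    digest = hashlib.sha256(key + bytes([rnd]) + bytes([x])).digest()
    return digest[0]


def toy_block_cipher(key: bytes, x: int) -> int:
    """E_key(x): balanced Feistel over two 8-bit halves.

    Whatever the round function is, the Feistel structure is invertible,
    so for a fixed key this is a permutation on 16-bit blocks.
    """
    left, right = x >> HALF, x & HALF_MASK
    for rnd in range(ROUNDS):
        left, right = right, left ^ _round_fn(key, rnd, right)
    return (left << HALF) | right


def edm(k1: bytes, k2: bytes, x: int) -> int:
    """Encrypted Davies-Meyer: E_k2(E_k1(x) XOR x)."""
    return toy_block_cipher(k2, toy_block_cipher(k1, x) ^ x)


def sop(k1: bytes, k2: bytes, x: int) -> int:
    """Sum of Permutations: E_k1(x) XOR E_k2(x)."""
    return toy_block_cipher(k1, x) ^ toy_block_cipher(k2, x)


def edmd(k1: bytes, k2: bytes, x: int) -> int:
    """Encrypted Davies-Meyer Dual: E_k2(E_k1(x)) XOR E_k1(x)."""
    y = toy_block_cipher(k1, x)
    return toy_block_cipher(k2, y) ^ y


def is_permutation(key: bytes) -> bool:
    """Exhaustively check that E_key is a bijection on the 16-bit domain."""
    return len({toy_block_cipher(key, x) for x in range(1 << N_BITS)}) == (1 << N_BITS)


def count_collisions(f, queries: int) -> int:
    """Birthday distinguisher: repeated outputs over the distinct inputs 0..queries-1.

    A permutation yields 0 no matter how many distinct inputs are queried; a
    random function over 2^n outputs yields about queries^2 / 2^(n+1).
    """
    outputs = Counter(f(x) for x in range(queries))
    return sum(c - 1 for c in outputs.values())


def expected_random_collisions(queries: int) -> float:
    """Birthday estimate q^2 / 2^(n+1) for a random n-bit function."""
    return queries * queries / (1 << (N_BITS + 1))


# Constructed keys for the demonstration; they must differ, since SoP with
# k1 == k2 is the all-zero function.
K1 = b"toy-key-one"
K2 = b"toy-key-two"
QUERIES = 1 << 12  # 2^12 queries, well beyond the 2^8 birthday region


def birthday_summary(queries: int = QUERIES) -> dict:
    """Collision counts of each construction under the same query budget."""
    return {
        "single_call_E": count_collisions(lambda x: toy_block_cipher(K1, x), queries),
        "EDM": count_collisions(lambda x: edm(K1, K2, x), queries),
        "SoP": count_collisions(lambda x: sop(K1, K2, x), queries),
        "EDMD": count_collisions(lambda x: edmd(K1, K2, x), queries),
        "random_function_estimate": expected_random_collisions(queries),
    }


if __name__ == "__main__":
    print("E_K1 is a permutation:", is_permutation(K1))
    for name, value in birthday_summary().items():
        print(f"{name:>25}: {value}")
```

With the 16-bit toy cipher the single-call column is always exactly 0, while the EDM, SoP and EDMD columns land near the random-function estimate of 128 for 2^12 queries; scaling n to 64 turns the same 2^{n/2} query count into the 2^32-block budget the abstract refers to. Collision counting only shows the birthday-bound failure of one block cipher call; it does not by itself prove the beyond birthday bound security that the paper establishes for the two-call constructions.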

PAGES

520-550

Book

TITLE

Advances in Cryptology – ASIACRYPT 2021

ISBN

978-3-030-92077-7
978-3-030-92078-4

Identifiers

URI

http://scigraph.springernature.com/pub.10.1007/978-3-030-92078-4_18

DOI

http://dx.doi.org/10.1007/978-3-030-92078-4_18

DIMENSIONS

https://app.dimensions.ai/details/publication/pub.1143487714



JSON-LD is the canonical representation for SciGraph data.


[
  {
    "@context": "https://springernature.github.io/scigraph/jsonld/sgcontext.json", 
    "about": [
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/08", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Information and Computing Sciences", 
        "type": "DefinedTerm"
      }, 
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/0804", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Data Format", 
        "type": "DefinedTerm"
      }
    ], 
    "author": [
      {
        "affiliation": {
          "alternateName": "imec-COSIC, KU Leuven, Leuven, Belgium", 
          "id": "http://www.grid.ac/institutes/grid.5596.f", 
          "name": [
            "imec-COSIC, KU Leuven, Leuven, Belgium"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Chen", 
        "givenName": "Yu Long", 
        "id": "sg:person.013361612064.29", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.013361612064.29"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "Digital Security Group, Radboud University, Nijmegen, The Netherlands", 
          "id": "http://www.grid.ac/institutes/grid.5590.9", 
          "name": [
            "Digital Security Group, Radboud University, Nijmegen, The Netherlands"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Mennink", 
        "givenName": "Bart", 
        "id": "sg:person.012130641461.76", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.012130641461.76"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "imec-COSIC, KU Leuven, Leuven, Belgium", 
          "id": "http://www.grid.ac/institutes/grid.5596.f", 
          "name": [
            "imec-COSIC, KU Leuven, Leuven, Belgium"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Preneel", 
        "givenName": "Bart", 
        "id": "sg:person.011115044357.39", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.011115044357.39"
        ], 
        "type": "Person"
      }
    ], 
    "datePublished": "2021-12-01", 
    "datePublishedReg": "2021-12-01", 
    "description": "A growing number of lightweight block ciphers are proposed for environments such as the Internet of Things. An important contribution to the reduced implementation cost is a block length n of 64 or 96 bits rather than 128 bits. As a consequence, encryption modes and message authentication code (MAC) algorithms require security beyond the 2^{n/2} birthday bound. This paper provides an extensive treatment of MAC algorithms that offer beyond birthday bound PRF security for both nonce-respecting and nonce-misusing adversaries. We study constructions that use two block cipher calls, one universal hash function call and an arbitrary number of XOR operations. We start with the separate problem of generically identifying all possible secure n-to-n-bit pseudorandom functions (PRFs) based on two block cipher calls. The analysis shows that the existing constructions EDM, SoP, and EDMD are the only constructions of this kind that achieve beyond birthday bound security. Subsequently we deliver an exhaustive treatment of MAC algorithms, where the outcome of a universal hash function evaluation on the message may be entered at any point in the computation of the PRF. We conclude that there are a total of nine schemes that achieve beyond birthday bound security, and a tenth construction that cannot be proven secure using currently known proof techniques. For these nine MAC algorithms, three constructions achieve optimal n-bit security in the nonce-respecting setting, but are completely insecure if the nonce is reused. The remaining six constructions have 3n/4-bit security in the nonce-respecting setting, and only four out of these six constructions still achieve beyond birthday bound security in the case of nonce misuse.", 
    "editor": [
      {
        "familyName": "Tibouchi", 
        "givenName": "Mehdi", 
        "type": "Person"
      }, 
      {
        "familyName": "Wang", 
        "givenName": "Huaxiong", 
        "type": "Person"
      }
    ], 
    "genre": "chapter", 
    "id": "sg:pub.10.1007/978-3-030-92078-4_18", 
    "isAccessibleForFree": false, 
    "isPartOf": {
      "isbn": [
        "978-3-030-92077-7", 
        "978-3-030-92078-4"
      ], 
      "name": "Advances in Cryptology \u2013 ASIACRYPT 2021", 
      "type": "Book"
    }, 
    "keywords": [
      "MAC algorithm", 
      "pseudorandom functions", 
      "nonce-respecting setting", 
      "message authentication code (MAC) algorithms", 
      "block cipher calls", 
      "Internet of Things", 
      "hash function evaluations", 
      "n-bit security", 
      "lightweight block ciphers", 
      "message authentication", 
      "encryption mode", 
      "nonce misuse", 
      "XOR operation", 
      "function calls", 
      "block cipher", 
      "block length n", 
      "code algorithm", 
      "security", 
      "implementation cost", 
      "algorithm", 
      "proof technique", 
      "PRF-security", 
      "only construction", 
      "function evaluations", 
      "separate problems", 
      "arbitrary number", 
      "bits", 
      "authentication", 
      "nonce", 
      "Internet", 
      "adversary", 
      "cipher", 
      "length n", 
      "computation", 
      "things", 
      "messages", 
      "calls", 
      "scheme", 
      "construction", 
      "categorization", 
      "environment", 
      "cost", 
      "operation", 
      "technique", 
      "number", 
      "kind", 
      "setting", 
      "evaluation", 
      "misuse", 
      "point", 
      "important contribution", 
      "amount", 
      "EDMD", 
      "SOP", 
      "contribution", 
      "function", 
      "analysis", 
      "EDM", 
      "mode", 
      "cases", 
      "exhaustive treatment", 
      "total amount", 
      "consequences", 
      "birthday", 
      "extensive treatment", 
      "outcomes", 
      "treatment", 
      "paper", 
      "problem"
    ], 
    "name": "Categorization of Faulty Nonce Misuse Resistant Message Authentication", 
    "pagination": "520-550", 
    "productId": [
      {
        "name": "dimensions_id", 
        "type": "PropertyValue", 
        "value": [
          "pub.1143487714"
        ]
      }, 
      {
        "name": "doi", 
        "type": "PropertyValue", 
        "value": [
          "10.1007/978-3-030-92078-4_18"
        ]
      }
    ], 
    "publisher": {
      "name": "Springer Nature", 
      "type": "Organisation"
    }, 
    "sameAs": [
      "https://doi.org/10.1007/978-3-030-92078-4_18", 
      "https://app.dimensions.ai/details/publication/pub.1143487714"
    ], 
    "sdDataset": "chapters", 
    "sdDatePublished": "2022-10-01T06:56", 
    "sdLicense": "https://scigraph.springernature.com/explorer/license/", 
    "sdPublisher": {
      "name": "Springer Nature - SN SciGraph project", 
      "type": "Organization"
    }, 
    "sdSource": "s3://com-springernature-scigraph/baseset/20221001/entities/gbq_results/chapter/chapter_329.jsonl", 
    "type": "Chapter", 
    "url": "https://doi.org/10.1007/978-3-030-92078-4_18"
  }
]
 


HOW TO GET THIS DATA PROGRAMMATICALLY:

JSON-LD is a popular format for linked data which is fully compatible with JSON.

curl -H 'Accept: application/ld+json' 'https://scigraph.springernature.com/pub.10.1007/978-3-030-92078-4_18'

N-Triples is a line-based linked data format ideal for batch operations.

curl -H 'Accept: application/n-triples' 'https://scigraph.springernature.com/pub.10.1007/978-3-030-92078-4_18'

Turtle is a human-readable linked data format.

curl -H 'Accept: text/turtle' 'https://scigraph.springernature.com/pub.10.1007/978-3-030-92078-4_18'

RDF/XML is a standard XML format for linked data.

curl -H 'Accept: application/rdf+xml' 'https://scigraph.springernature.com/pub.10.1007/978-3-030-92078-4_18'


 

This table displays all metadata directly associated to this object as RDF triples.

150 TRIPLES      22 PREDICATES      93 URIs      86 LITERALS      7 BLANK NODES

Subject Predicate Object
1 sg:pub.10.1007/978-3-030-92078-4_18 schema:about anzsrc-for:08
2 anzsrc-for:0804
3 schema:author N4db7874522f949fea59fc614f7bef35b
4 schema:datePublished 2021-12-01
5 schema:datePublishedReg 2021-12-01
6 schema:description A growing number of lightweight block ciphers are proposed for environments such as the Internet of Things. An important contribution to the reduced implementation cost is a block length n of 64 or 96 bits rather than 128 bits. As a consequence, encryption modes and message authentication code (MAC) algorithms require security beyond the 2^{n/2} birthday bound. This paper provides an extensive treatment of MAC algorithms that offer beyond birthday bound PRF security for both nonce-respecting and nonce-misusing adversaries. We study constructions that use two block cipher calls, one universal hash function call and an arbitrary number of XOR operations. We start with the separate problem of generically identifying all possible secure n-to-n-bit pseudorandom functions (PRFs) based on two block cipher calls. The analysis shows that the existing constructions EDM, SoP, and EDMD are the only constructions of this kind that achieve beyond birthday bound security. Subsequently we deliver an exhaustive treatment of MAC algorithms, where the outcome of a universal hash function evaluation on the message may be entered at any point in the computation of the PRF. We conclude that there are a total of nine schemes that achieve beyond birthday bound security, and a tenth construction that cannot be proven secure using currently known proof techniques. For these nine MAC algorithms, three constructions achieve optimal n-bit security in the nonce-respecting setting, but are completely insecure if the nonce is reused. The remaining six constructions have 3n/4-bit security in the nonce-respecting setting, and only four out of these six constructions still achieve beyond birthday bound security in the case of nonce misuse.
7 schema:editor Ncc96d8d04ebc4565ac9533f031341843
8 schema:genre chapter
9 schema:isAccessibleForFree false
10 schema:isPartOf N02696df0d1d64f20bb8c7b134b8fe214
11 schema:keywords EDM
12 EDMD
13 Internet
14 Internet of Things
15 MAC algorithm
16 PRF-security
17 SOP
18 XOR operation
19 adversary
20 algorithm
21 amount
22 analysis
23 arbitrary number
24 authentication
25 birthday
26 bits
27 block cipher
28 block cipher calls
29 block length n
30 calls
31 cases
32 categorization
33 cipher
34 code algorithm
35 computation
36 consequences
37 construction
38 contribution
39 cost
40 encryption mode
41 environment
42 evaluation
43 exhaustive treatment
44 extensive treatment
45 function
46 function calls
47 function evaluations
48 hash function evaluations
49 implementation cost
50 important contribution
51 kind
52 length n
53 lightweight block ciphers
54 message authentication
55 message authentication code (MAC) algorithms
56 messages
57 misuse
58 mode
59 n-bit security
60 nonce
61 nonce misuse
62 nonce-respecting setting
63 number
64 only construction
65 operation
66 outcomes
67 paper
68 point
69 problem
70 proof technique
71 pseudorandom functions
72 scheme
73 security
74 separate problems
75 setting
76 technique
77 things
78 total amount
79 treatment
80 schema:name Categorization of Faulty Nonce Misuse Resistant Message Authentication
81 schema:pagination 520-550
82 schema:productId N36ce35b2fcc644149989c898115e2611
83 N63e4298f0606444b9f5a262e836d2284
84 schema:publisher N1eb9ade8a123405097cf7ebe7cd19b4b
85 schema:sameAs https://app.dimensions.ai/details/publication/pub.1143487714
86 https://doi.org/10.1007/978-3-030-92078-4_18
87 schema:sdDatePublished 2022-10-01T06:56
88 schema:sdLicense https://scigraph.springernature.com/explorer/license/
89 schema:sdPublisher N9e67dcd9fb714f24a77600fcfe56ad93
90 schema:url https://doi.org/10.1007/978-3-030-92078-4_18
91 sgo:license sg:explorer/license/
92 sgo:sdDataset chapters
93 rdf:type schema:Chapter
94 N02696df0d1d64f20bb8c7b134b8fe214 schema:isbn 978-3-030-92077-7
95 978-3-030-92078-4
96 schema:name Advances in Cryptology – ASIACRYPT 2021
97 rdf:type schema:Book
98 N1eb9ade8a123405097cf7ebe7cd19b4b schema:name Springer Nature
99 rdf:type schema:Organisation
100 N312391fa265d47dea43e00c55aa2f838 rdf:first sg:person.012130641461.76
101 rdf:rest Ndd7a3c1a8a6940d5b2b53efe770ccaab
102 N36ce35b2fcc644149989c898115e2611 schema:name dimensions_id
103 schema:value pub.1143487714
104 rdf:type schema:PropertyValue
105 N45134355ec7047b08d24ef6aa3a279fa schema:familyName Wang
106 schema:givenName Huaxiong
107 rdf:type schema:Person
108 N4db7874522f949fea59fc614f7bef35b rdf:first sg:person.013361612064.29
109 rdf:rest N312391fa265d47dea43e00c55aa2f838
110 N5c7e73d9e8e340559f45eabe00341457 schema:familyName Tibouchi
111 schema:givenName Mehdi
112 rdf:type schema:Person
113 N63e4298f0606444b9f5a262e836d2284 schema:name doi
114 schema:value 10.1007/978-3-030-92078-4_18
115 rdf:type schema:PropertyValue
116 N9e67dcd9fb714f24a77600fcfe56ad93 schema:name Springer Nature - SN SciGraph project
117 rdf:type schema:Organization
118 Ncc96d8d04ebc4565ac9533f031341843 rdf:first N5c7e73d9e8e340559f45eabe00341457
119 rdf:rest Nea6292f946904df4ab8716f363d25635
120 Ndd7a3c1a8a6940d5b2b53efe770ccaab rdf:first sg:person.011115044357.39
121 rdf:rest rdf:nil
122 Nea6292f946904df4ab8716f363d25635 rdf:first N45134355ec7047b08d24ef6aa3a279fa
123 rdf:rest rdf:nil
124 anzsrc-for:08 schema:inDefinedTermSet anzsrc-for:
125 schema:name Information and Computing Sciences
126 rdf:type schema:DefinedTerm
127 anzsrc-for:0804 schema:inDefinedTermSet anzsrc-for:
128 schema:name Data Format
129 rdf:type schema:DefinedTerm
130 sg:person.011115044357.39 schema:affiliation grid-institutes:grid.5596.f
131 schema:familyName Preneel
132 schema:givenName Bart
133 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.011115044357.39
134 rdf:type schema:Person
135 sg:person.012130641461.76 schema:affiliation grid-institutes:grid.5590.9
136 schema:familyName Mennink
137 schema:givenName Bart
138 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.012130641461.76
139 rdf:type schema:Person
140 sg:person.013361612064.29 schema:affiliation grid-institutes:grid.5596.f
141 schema:familyName Chen
142 schema:givenName Yu Long
143 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.013361612064.29
144 rdf:type schema:Person
145 grid-institutes:grid.5590.9 schema:alternateName Digital Security Group, Radboud University, Nijmegen, The Netherlands
146 schema:name Digital Security Group, Radboud University, Nijmegen, The Netherlands
147 rdf:type schema:Organization
148 grid-institutes:grid.5596.f schema:alternateName imec-COSIC, KU Leuven, Leuven, Belgium
149 schema:name imec-COSIC, KU Leuven, Leuven, Belgium
150 rdf:type schema:Organization