Generic attacks against beyond-birthday-bound MACs
Document Type
Conference Article
Publication Title
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Abstract
In this work, we study the security of several recent MAC constructions with provable security beyond the birthday bound. We consider block-cipher based constructions with a double-block internal state, such as SUM-ECBC, PMAC+, 3kf9, GCM-SIV2, and some variants (LightMAC+, 1kPMAC+). All these MACs have a security proof up to 22n/3 queries, but there are no known attacks with less than $$2^{n}$$ queries. We describe a new cryptanalysis technique for double-block MACs based on finding quadruples of messages with four pairwise collisions in halves of the state. We show how to detect such quadruples in SUM-ECBC, PMAC+, 3kf9, GCM-SIV2 and their variants with O(23n/4) queries, and how to build a forgery attack with the same query complexity. The time complexity of these attacks is above 2n, but it shows that the schemes do not reach full security in the information theoretic model. Surprisingly, our attack on LightMAC+ also invalidates a recent security proof by Naito. Moreover, we give a variant of the attack against SUM-ECBC and GCM-SIV2 with time and data complexity (formula presented). As far as we know, this is the first attack with complexity below 2n against a deterministic beyond-birthday-bound secure MAC. As a side result, we also give a birthday attack against 1kf9, a single-key variant of 3kf9 that was withdrawn due to issues with the proof.
First Page
306
Last Page
336
DOI
10.1007/978-3-319-96884-1_11
Publication Date
1-1-2018
Recommended Citation
Leurent, Gaëtan; Nandi, Mridul; and Sibleyras, Ferdinand, "Generic attacks against beyond-birthday-bound MACs" (2018). Conference Articles. 146.
https://digitalcommons.isical.ac.in/conf-articles/146
Comments
Open Access, Green