TIGHT SECURITY ANALYSIS OF THE PUBLIC PERMUTATION-BASED PMAC Plus
Article Type
Research Article
Publication Title
Advances in Mathematics of Communications
Abstract
In CRYPTO 2011, Yasuda proposed a variable input-length PRF based on an n-bit block cipher, called PMAC Plus. PMAC Plus is a rate-1 construction and inherits the well-known PMAC parallel network at a low additional cost. However, unlike PMAC, PMAC Plus is secure roughly up to 2^{2n/3} queries. Later, Leurent et al. in CRYPTO 2018, and then Lee et al. in EUROCRYPT 2020, established a tight security bound of 2^{3n/4} queries for PMAC Plus. In this paper, we propose a public permutation-based variable input-length PRF called pPMAC Plus. We show that pPMAC Plus is secure against all adversaries that make at most 2^{2n/3} queries, and we show that this bound is essentially tight. Note that instantiating each block cipher of PMAC Plus with the two-round iterated Even-Mansour cipher also yields a beyond-birthday-secure PRF based on public permutations. That solution, however, incurs (2ℓ + 4) permutation calls, whereas our proposal requires only (ℓ + 2) permutation calls, ℓ being the maximum number of message blocks.
First Page
1842
Last Page
1876
DOI
10.3934/amc.2023025
Publication Date
1-1-2024
Recommended Citation
Dutta, Avijit; Nandi, Mridul; and Talnikar, Suprita, "TIGHT SECURITY ANALYSIS OF THE PUBLIC PERMUTATION-BASED PMAC Plus" (2024). Journal Articles. 5162.
https://digitalcommons.isical.ac.in/journal-articles/5162
Comments
Open Access; Gold Open Access