DWCDM+: A bbb secure nonce based mac

Article Type

Research Article

Publication Title

Advances in Mathematics of Communications


In CRYPTO 2016, Cogliati and Seurin have proposed a nonce- based MAC called Encrypted Wegman-Carter with Davies-Meyer (EWCDM), from an n-bit block cipher E and an n-bit almost xor universal hash function H as EK2 (EK1 (N) N HKh(M)) _for a nonce N and a message M that provides roughly 2n=3-bit MAC secu- rity. However, obtaining the similar security using a single block cipher key was posed as an open research problem. In this paper, we present Decrypted Wegman-Carter with Davies-Meyer (DWCDM+) construction based on a sin- gle block cipher key that provides 2n/3-bit MAC security from an n-bit block cipher E and an n-bit k-regular (∀k≤n), almost xor universal hash function H as E-1K(EK(N) N HKh(M)). DWCDM+ is structurally very similar to its predecessor EWCDM except that the facts that (i) the number of block cipher keys reduced from 2 to 1 and (ii) the outer encryption call is replaced by a decryption one. To make the construction truely single-keyed, here we derive the hash key Kh as the block cipher output of a Fxed string 0n-2ǁ10 as long as the hash key is of n bits. We show that if the nonce space is restricted to (n-1) bits, DWCDM+ is secured roughly up to 22n/3 MAC queries (2n/2 MAC queries) and 2n verifcation queries against nonce respecting (nonce misuse resp.) adversaries.

First Page


Last Page




Publication Date



Open Access, Gold