Toward Full n-bit Security and Nonce Misuse Resistance of Block Cipher-Based MACs

  • Conference paper
  • Advances in Cryptology – ASIACRYPT 2024 (ASIACRYPT 2024)

Abstract

In this paper, we study the security of MAC constructions among those classified by Chen et al. in ASIACRYPT ’21. Precisely, \(F^{\text{EDM}}_{B_2}\) (or \(\textsf{EWCDM}\) as named by Cogliati and Seurin in CRYPTO ’16), \(F^{\text{EDM}}_{B_3}\), \(F^{\text{SoP}}_{B_2}\), \(F^{\text{SoP}}_{B_3}\) (all as named by Chen et al.) are proved to be fully secure up to \(2^n\) MAC queries in the nonce-respecting setting, improving the previous bound of \(\frac{3n}{4}\)-bit security. In particular, \(F^{\text{SoP}}_{B_2}\) and \(F^{\text{SoP}}_{B_3}\) enjoy graceful degradation as the number of queries with repeated nonces grows (when the underlying universal hash function satisfies a certain property called multi-xor-collision resistance). To do this, we develop a new tool, namely, extended Mirror theory for two independent permutations with a wide range of \(\xi_{\max}\) including inequalities. We also present matching attacks on \(F^{\text{EDM}}_{B_4}\) and \(F^{\text{EDM}}_{B_5}\) using \(O(2^{3n/4})\) MAC queries and \(O(1)\) verification queries without using repeated nonces.
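The abstract refers to \(\textsf{EWCDM}\) (Encrypted Wegman-Carter with Davies-Meyer) only by name. The following is an added illustration, not code from the paper or its authors, showing the shape of that construction: a nonce \(N\) is encrypted under one key, fed forward Davies-Meyer style together with a universal hash of the message, and the result is encrypted again under a second key, \(\textsf{EWCDM}[E,H](N,M) = E_{K_2}(E_{K_1}(N) \oplus N \oplus H_{K_h}(M))\). Everything concrete here is an assumption for the demo: the 64-bit four-round Feistel network `toy_encrypt` is a constructed stand-in for a real block cipher so the script runs with the standard library only, `poly_hash` is an ordinary polynomial hash over \(\mathrm{GF}(2^{64})\), and the keys, nonces and messages are made up. The signer refuses to reuse a nonce, which is the nonce-respecting setting in which the paper's full \(n\)-bit bound applies.

```python
"""EWCDM[E, H](N, M) = E_K2( E_K1(N) xor N xor H_Kh(M) ).

Added illustration of the construction, not code from the paper. The 64-bit
Feistel "cipher" is a constructed stand-in for a real block cipher such as AES.
"""
import hashlib
import hmac

BLOCK_BITS = 64
MASK = (1 << BLOCK_BITS) - 1
# Reduction polynomial x^64 + x^4 + x^3 + x + 1 for GF(2^64); low bits are 0x1B.
GF_POLY_LOW = 0x1B


def gf_mul(a: int, b: int) -> int:
    """Multiply in GF(2^64): shift-and-xor, reducing whenever the top bit falls off."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        b >>= 1
        overflow = a >> (BLOCK_BITS - 1)
        a = (a << 1) & MASK
        if overflow:
            a ^= GF_POLY_LOW
    return result


def poly_hash(hkey: int, msg: bytes) -> int:
    """Polynomial (xor-universal) hash over GF(2^64) with 10* padding:
    H_Kh(M) = sum_i M_i * Kh^(l-i+1); differential probability <= l / 2^64."""
    padded = msg + b"\x80"
    padded += b"\x00" * (-len(padded) % 8)
    acc = 0
    for i in range(0, len(padded), 8):
        acc = gf_mul(acc ^ int.from_bytes(padded[i:i + 8], "big"), hkey)
    return acc


def _round_fn(key: bytes, rnd: int, half: int) -> int:
    data = bytes([rnd]) + half.to_bytes(4, "big")
    return int.from_bytes(hmac.new(key, data, hashlib.sha256).digest()[:4], "big")


def toy_encrypt(key: bytes, block: int) -> int:
    """Four-round Feistel network on 64-bit blocks: a keyed permutation standing in
    for E. Constructed for illustration only; not a vetted cipher."""
    left, right = block >> 32, block & 0xFFFFFFFF
    for rnd in range(4):
        left, right = right, left ^ _round_fn(key, rnd, right)
    return (left << 32) | right


class EWCDM:
    def __init__(self, k1: bytes, k2: bytes, hkey: int) -> None:
        self.k1, self.k2, self.hkey = k1, k2, hkey
        self._seen = set()  # nonce-respecting signer: every nonce is used once

    def _tag(self, nonce: int, msg: bytes) -> int:
        inner = toy_encrypt(self.k1, nonce)             # E_K1(N)
        x = inner ^ nonce ^ poly_hash(self.hkey, msg)   # Davies-Meyer feed-forward + hash
        return toy_encrypt(self.k2, x)                  # outer encryption under K2

    def tag(self, nonce: int, msg: bytes) -> int:
        if nonce in self._seen:
            raise ValueError("nonce reused: the full n-bit bound assumes fresh nonces")
        self._seen.add(nonce)
        return self._tag(nonce, msg)

    def verify(self, nonce: int, msg: bytes, tag: int) -> bool:
        expected = self._tag(nonce, msg).to_bytes(8, "big")
        return hmac.compare_digest(expected, (tag & MASK).to_bytes(8, "big"))


def demo() -> dict:
    """Constructed keys and messages; returns the observable results for checking."""
    mac = EWCDM(k1=b"k1-demo-key", k2=b"k2-demo-key", hkey=0x0123456789ABCDEF)
    t1 = mac.tag(1, b"transfer 100")
    t2 = mac.tag(2, b"transfer 100")  # same message, fresh nonce: different tag
    try:
        mac.tag(1, b"transfer 200")
        reuse_rejected = False
    except ValueError:
        reuse_rejected = True
    return {
        "genuine_ok": mac.verify(1, b"transfer 100", t1),
        "forged_msg_rejected": not mac.verify(1, b"transfer 900", t1),
        "tags_differ_across_nonces": t1 != t2,
        "reuse_rejected": reuse_rejected,
    }


if __name__ == "__main__":
    print(demo())
```

The two encryption layers are what distinguish EWCDM from plain Wegman-Carter: the outer \(E_{K_2}\) hides the hash output, so a verifier seeing tags learns nothing directly about \(H_{K_h}\), and the inner Davies-Meyer step keeps the per-nonce mask from being a bare block-cipher output. The `tag` method's refusal to sign under a repeated nonce reflects the setting of the paper's \(2^n\) bound; the SoP variants it analyses degrade gracefully under repeats, EWCDM's guarantee is stated for fresh nonces.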

Wonseok Choi was supported in part by the National Research Foundation of Korea (NRF) grant funded by the Korea government (MSIT) (No. RS-2023-00239620), by AnalytiXIN, and by Sunday Group.

Jooyoung Lee was supported by the MSIT (Ministry of Science and ICT), Korea, under the Convergence security core talent training business support program (IITP-2024-II221202) supervised by the IITP (Institute of Information & Communications Technology Planning & Evaluation).

This work was done while Yeongmin Lee was a PhD student at KAIST.

References

  1. Banik, S., Pandey, S.K., Peyrin, T., Sasaki, Y., Sim, S.M., Todo, Y.: GIFT: A Small Present. In: Fischer, W., Homma, N. (eds.) Cryptographic Hardware and Embedded Systems - CHES 2017. LNCS, vol. 10529, pp. 321–345. Springer (2017). https://doi.org/10.1007/978-3-319-66787-4_16

  2. Bellare, M., Kilian, J., Rogaway, P.: The security of the cipher block chaining message authentication code. Journal of Computer and System Sciences 61(3), 362–399 (2000)

  3. Bellare, M., Pietrzak, K., Rogaway, P.: Improved security analyses for CBC MACs. In: Advances in Cryptology - CRYPTO 2005: 25th Annual International Cryptology Conference, Santa Barbara, California, USA, August 14-18, 2005, Proceedings. Lecture Notes in Computer Science, vol. 3621, pp. 527–545. Springer (2005). https://doi.org/10.1007/11535218_32

  4. Bernstein, D.J.: Stronger Security Bounds for Wegman-Carter-Shoup Authenticators. In: Cramer, R. (ed.) Advances in Cryptology - EUROCRYPT 2005. LNCS, vol. 3494, pp. 164–180. Springer (2005). https://doi.org/10.1007/11426639_10

  5. Bernstein, D.J.: The Poly1305-AES message-authentication code. In: Gilbert, H., Handschuh, H. (eds.) Fast Software Encryption. LNCS, vol. 3557, pp. 32–49. Springer (2005). https://doi.org/10.1007/11502760_3

  6. Bhargavan, K., Leurent, G.: On the Practical (In-)Security of 64-bit Block Ciphers: Collision Attacks on HTTP over TLS and OpenVPN. In: Weippl, E.R., Katzenbeisser, S., Kruegel, C., Myers, A.C., Halevi, S. (eds.) ACM CCS. pp. 456–467. ACM (2016). https://doi.org/10.1145/2976749.2978423

  7. Black, J., Rogaway, P.: A Block-Cipher Mode of Operation for Parallelizable Message Authentication. In: Knudsen, L.R. (ed.) Advances in Cryptology - EUROCRYPT 2002. LNCS, vol. 2332, pp. 384–397. Springer (2002). https://doi.org/10.1007/3-540-46035-7_25, https://iacr.org/archive/eurocrypt2002/23320380/pmac.pdf

  8. Bogdanov, A., Knudsen, L.R., Leander, G., Paar, C., Poschmann, A., Robshaw, M.J.B., Seurin, Y., Vikkelsoe, C.: PRESENT: An Ultra-Lightweight Block Cipher. In: Paillier, P., Verbauwhede, I. (eds.) Cryptographic Hardware and Embedded Systems - CHES 2007. LNCS, vol. 4727, pp. 450–466. Springer (2007). https://doi.org/10.1007/978-3-540-74735-2_31

  9. Chen, Y.L., Mennink, B., Preneel, B.: Categorization of Faulty Nonce Misuse Resistant Message Authentication. In: Tibouchi, M., Wang, H. (eds.) Advances in Cryptology - ASIACRYPT 2021. LNCS, vol. 13092, pp. 520–550. Springer (2021). https://doi.org/10.1007/978-3-030-92078-4_18

  10. Choi, W., Lee, B., Lee, Y., Lee, J.: Improved security analysis for nonce-based enhanced hash-then-mask MACs. In: Moriai, S., Wang, H. (eds.) Advances in Cryptology – ASIACRYPT 2020. LNCS, vol. 12491, pp. 697–723. Springer (2020). https://doi.org/10.1007/978-3-030-64837-4_23

  11. Choi, W., Lee, J., Lee, Y.: Toward full \(n\)-bit security and nonce misuse resistance of block cipher-based MACs. Cryptology ePrint Archive, Paper 2024/731 (2024). https://eprint.iacr.org/2024/731

  12. Cogliati, B., Dutta, A., Nandi, M., Patarin, J., Saha, A.: Proof of Mirror Theory for a Wide Range of \(\xi_{\max}\). In: Hazay, C., Stam, M. (eds.) Advances in Cryptology – EUROCRYPT 2023. LNCS, vol. 14007, pp. 470–501. Springer (2023). https://doi.org/10.1007/978-3-031-30634-1_16

  13. Cogliati, B., Seurin, Y.: EWCDM: An Efficient, Beyond-Birthday Secure, Nonce-Misuse Resistant MAC. In: Robshaw, M., Katz, J. (eds.) Advances in Cryptology - CRYPTO 2016. LNCS, vol. 9814, pp. 121–149. Springer (2016). https://doi.org/10.1007/978-3-662-53018-4_5

  14. Datta, N., Dutta, A., Dutta, K.: Improved Security Bound of (E/D)WCDM. IACR Transactions on Symmetric Cryptology Issue 4, 138–176 (2021). https://doi.org/10.46586/tosc.v2021.i4.138-176

  15. Datta, N., Dutta, A., Nandi, M., Yasuda, K.: Encrypt or Decrypt? To Make a Single-Key Beyond Birthday Secure Nonce-Based MAC. In: Shacham, H., Boldyreva, A. (eds.) Advances in Cryptology - CRYPTO 2018. LNCS, vol. 10991, pp. 631–661. Springer (2018). https://doi.org/10.1007/978-3-319-96884-1_21

  16. Dutta, A., Nandi, M., Talnikar, S.: Beyond Birthday Bound Secure MAC in Faulty Nonce Model. In: Ishai, Y., Rijmen, V. (eds.) Advances in Cryptology - EUROCRYPT 2019. LNCS, vol. 11476, pp. 437–466. Springer (2019). https://doi.org/10.1007/978-3-030-17653-2_15

  17. Guo, J., Peyrin, T., Poschmann, A., Robshaw, M.J.B.: The LED Block Cipher. In: Preneel, B., Takagi, T. (eds.) Cryptographic Hardware and Embedded Systems - CHES 2011. LNCS, vol. 6917, pp. 326–341. Springer (2011). https://doi.org/10.1007/978-3-642-23951-9_22

  18. Handschuh, H., Preneel, B.: Key-recovery attacks on universal hash function based MAC algorithms. In: Advances in Cryptology - CRYPTO 2008, 28th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 17-21, 2008. Lecture Notes in Computer Science, vol. 5157, pp. 144–161. Springer (2008). https://doi.org/10.1007/978-3-540-85174-5_9, https://iacr.org/archive/crypto2008/51570145/51570145.pdf

  19. Information technology – Security techniques – Message Authentication Codes (MACs) – Part 1: Mechanisms using a block cipher. Standard, International Organization for Standardization (Mar 2011)

  20. Iwata, T., Kurosawa, K.: OMAC: One-Key CBC MAC. In: Johansson, T. (ed.) Fast Software Encryption. LNCS, vol. 2887, pp. 129–153. Springer (2003). https://doi.org/10.1007/978-3-540-39887-5_11, https://iacr.org/archive/fse2003/28870137/28870137.pdf

  21. Jha, A., Nandi, M.: Revisiting structure graphs: Applications to CBC-MAC and EMAC. Journal of Mathematical Cryptology 10(3-4), 157–180 (2016)

  22. Mennink, B., Neves, S.: Encrypted Davies-Meyer and Its Dual: Towards Optimal Security Using Mirror Theory. In: Katz, J., Shacham, H. (eds.) Advances in Cryptology - CRYPTO 2017. LNCS, vol. 10403, pp. 556–583. Springer (2017). https://doi.org/10.1007/978-3-319-63697-9_19

  23. Minematsu, K., Iwata, T.: Building blockcipher from tweakable blockcipher: Extending FSE 2009 proposal. In: Cryptography and Coding: 13th IMA International Conference, IMACC 2011, Oxford, UK, December 12-15, 2011. Proceedings. pp. 391–412. Springer (2011)

  24. Dworkin, M.J.: Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC. NIST Special Publication 800-38D (Nov 28 2007)

  25. Naito, Y.: Blockcipher-Based MACs: Beyond the Birthday Bound Without Message Length. In: ASIACRYPT (3). pp. 446–470. Springer (2017). https://doi.org/10.1007/978-3-319-70700-6_16

  26. Patarin, J.: Introduction to Mirror Theory: Analysis of Systems of Linear Equalities and Linear Non Equalities for Cryptography. IACR Cryptology ePrint Archive, Report 2010/287 (2010). https://eprint.iacr.org/2010/287

  27. Patarin, J.: Mirror Theory and Cryptography. IACR Cryptology ePrint Archive, Report 2016/702 (2016). https://eprint.iacr.org/2016/702

  28. Pietrzak, K.: A tight bound for EMAC. In: Automata, Languages and Programming: 33rd International Colloquium, ICALP 2006, Venice, Italy, July 10-14, 2006, Proceedings, Part II. pp. 168–179. Springer (2006)

  29. Shoup, V.: On Fast and Provably Secure Message Authentication Based on Universal Hashing. In: Koblitz, N. (ed.) Advances in Cryptology - CRYPTO ’96. LNCS, vol. 1109, pp. 313–328. Springer (1996). https://doi.org/10.1007/3-540-68697-5_24

  30. Wegman, M.N., Carter, J.L.: New hash functions and their use in authentication and set equality. Journal of Computer and System Sciences 22(3), 265–279 (1981)

  31. Yasuda, K.: The sum of CBC MACs is a secure PRF. In: Cryptographers’ Track at the RSA Conference. pp. 366–381. Springer (2010)

  32. Yasuda, K.: A New Variant of PMAC: Beyond the Birthday Bound. In: Advances in Cryptology - CRYPTO 2011 - 31st Annual Cryptology Conference. Lecture Notes in Computer Science, vol. 6841, p. 593. Springer (2011). https://doi.org/10.1007/978-3-642-22792-9_34, https://www.iacr.org/archive/crypto2011/68410593/68410593.pdf

  33. Zhang, L., Wu, W., Sui, H., Wang, P.: 3kf9: Enhancing 3GPP-MAC beyond the Birthday Bound. In: ASIACRYPT. vol. 7658, pp. 296–312. Springer (2012). https://doi.org/10.1007/978-3-642-34961-4_19, https://www.iacr.org/archive/asiacrypt2012/76580291/76580291.pdf

Correspondence to Wonseok Choi, Jooyoung Lee or Yeongmin Lee.

Copyright information

© 2025 International Association for Cryptologic Research

Cite this paper

Choi, W., Lee, J., Lee, Y. (2025). Toward Full n-bit Security and Nonce Misuse Resistance of Block Cipher-Based MACs. In: Chung, KM., Sasaki, Y. (eds) Advances in Cryptology – ASIACRYPT 2024. ASIACRYPT 2024. Lecture Notes in Computer Science, vol 15492. Springer, Singapore. https://doi.org/10.1007/978-981-96-0947-5_9

  • DOI: https://doi.org/10.1007/978-981-96-0947-5_9

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-96-0946-8

  • Online ISBN: 978-981-96-0947-5

  • eBook Packages: Computer Science, Computer Science (R0)
