---
res:
bibo_abstract:
- This paper studies the concrete security of PRFs and MACs obtained by keying hash
functions based on the sponge paradigm. One such hash function is KECCAK, selected
as NIST’s new SHA-3 standard. In contrast to other approaches like HMAC, the exact
security of keyed sponges is not well understood. Indeed, recent security analyses
delivered concrete security bounds which are far from existing attacks. This paper
aims to close this gap. We prove (nearly) exact bounds on the concrete PRF security
of keyed sponges using a random permutation. These bounds are tight for the most
relevant ranges of parameters, i.e., for messages of length (roughly) l ≤ min{2^{n/4},
2^r} blocks, where n is the state size and r is the desired output length; and
for l ≤ q queries (to the construction or the underlying permutation). Moreover,
we also improve standard-model bounds. As an intermediate step of independent
interest, we prove tight bounds on the PRF security of the truncated CBC-MAC construction,
which operates as plain CBC-MAC, but only returns a prefix of the output.@eng
bibo_authorlist:
- foaf_Person:
foaf_givenName: Peter
foaf_name: Gazi, Peter
foaf_surname: Gazi
foaf_workInfoHomepage: http://www.librecat.org/personId=3E0BFE38-F248-11E8-B48F-1D18A9856A87
- foaf_Person:
foaf_givenName: Krzysztof Z
foaf_name: Pietrzak, Krzysztof Z
foaf_surname: Pietrzak
foaf_workInfoHomepage: http://www.librecat.org/personId=3E04A7AA-F248-11E8-B48F-1D18A9856A87
- foaf_Person:
foaf_givenName: Stefano
foaf_name: Tessaro, Stefano
foaf_surname: Tessaro
bibo_doi: 10.1007/978-3-662-47989-6_18
bibo_volume: 9215
dct_date: 2015^xs_gYear
dct_language: eng
dct_publisher: Springer@
dct_title: 'The exact PRF security of truncation: Tight bounds for keyed sponges
and truncated CBC@'
...