---
res:
bibo_abstract:
- PMAC is a simple and parallel block-cipher mode of operation, which was introduced
by Black and Rogaway at Eurocrypt 2002. If instantiated with a (pseudo)random
permutation over n-bit strings, PMAC constitutes a provably secure variable input-length
(pseudo)random function. For adversaries making q queries, each of length at most
l (in n-bit blocks), and of total length σ ≤ ql, the original paper proves an
upper bound on the distinguishing advantage of Ο(σ2/2n), while the currently
best bound is Ο (qσ/2n).In this work we show that this bound is tight by giving
an attack with advantage Ω (q2l/2n). In the PMAC construction one initially XORs
a mask to every message block, where the mask for the ith block is computed as
τi := γi·L, where L is a (secret) random value, and γi is the i-th codeword of
the Gray code. Our attack applies more generally to any sequence of γi’s which
contains a large coset of a subgroup of GF(2n). We then investigate if the security
of PMAC can be further improved by using τi’s that are k-wise independent, for
k > 1 (the original distribution is only 1-wise independent). We observe that
the security of PMAC will not increase in general, even if the masks are chosen
from a 2-wise independent distribution, and then prove that the security increases
to O(q<2/2n), if the τi are 4-wise independent. Due to simple extension attacks,
this is the best bound one can hope for, using any distribution on the masks.
Whether 3-wise independence is already sufficient to get this level of security
is left as an open problem.@eng
bibo_authorlist:
- foaf_Person:
foaf_givenName: Peter
foaf_name: Gazi, Peter
foaf_surname: Gazi
foaf_workInfoHomepage: http://www.librecat.org/personId=3E0BFE38-F248-11E8-B48F-1D18A9856A87
- foaf_Person:
foaf_givenName: Krzysztof Z
foaf_name: Pietrzak, Krzysztof Z
foaf_surname: Pietrzak
foaf_workInfoHomepage: http://www.librecat.org/personId=3E04A7AA-F248-11E8-B48F-1D18A9856A87
- foaf_Person:
foaf_givenName: Michal
foaf_name: Rybar, Michal
foaf_surname: Rybar
foaf_workInfoHomepage: http://www.librecat.org/personId=2B3E3DE8-F248-11E8-B48F-1D18A9856A87
bibo_doi: 10.13154/TOSC.V2016.I2.145-161
bibo_issue: '2'
bibo_volume: 2016
dct_date: 2017^xs_gYear
dct_isPartOf:
- http://id.crossref.org/issn/2519-173X
dct_language: eng
dct_publisher: Ruhr University Bochum@
dct_title: The exact security of PMAC@
...