Message Authentication Codes Secure against Additively Related-Key Attacks (original) (raw)

Paper 2013/111

Message Authentication Codes Secure against Additively Related-Key Attacks

Keita Xagawa

Abstract

Message Authentication Code (MAC) is one of most basic primitives in cryptography. After Biham (EUROCRYPT 1993) and Knudsen (AUSCRYPT 1992) proposed related-key attacks (RKAs), RKAs have damaged MAC's security. To relieve MAC of RKA distress, Bellare and Cash proposed pseudo-random functions (PRFs) secure against multiplicative RKAs (CRYPTO 2010). They also proposed PRFs secure against additive RKAs, but their reduction requires sub-exponential time. Since PRF directly implies Fixed-Input Length (FIL) MAC, their PRFs result in MACs secure against multiplicative RKAs. In this paper, we proposed Variable-Input Length (VIL) MAC secure against additive RKAs, whose reductions are polynomial time in the security parameter. Our construction stems from MACs from number-theoretic assumptions proposed by Dodis, Kiltz, Pietrzak, Wichs (EUROCRYPT 2012) and public-key encryption schemes secure against additive RKAs proposed by Wee (PKC 2012).

Note: Correct minor typos

BibTeX

@misc{cryptoeprint:2013/111, author = {Keita Xagawa}, title = {Message Authentication Codes Secure against Additively Related-Key Attacks}, howpublished = {Cryptology {ePrint} Archive, Paper 2013/111}, year = {2013}, url = {https://eprint.iacr.org/2013/111} }