IEICE TRANSACTIONS on Fundamentals
On the Full MAC Security of a Double-Piped Mode of Operation
Summary :
We revisit the double-pipe construction introduced by Lucks at Asiacrypt 2005. Lucks originally studied the construction for iterated hash functions and showed that the approach is effective in improving security against various types of collision and (second-)preimage attacks. Instead, in this paper we apply the construction to the secret-key setting, where the underlying FIL (fixed-input-length) compression function is equipped with a dedicated key input. We make some adjustments to Lucks' original design so that now the new mode works with a single key and operates as a domain extension of MACs (message authentication codes). Though more than twice as slow as the Merkle-Damgård construction, the double-piped mode enjoys security strengthened beyond the birthday bound. More specifically, when iterating an FIL-MAC whose output size is n-bit, the new double-piped mode yields an AIL-(arbitrary-input-length-)MAC with security up to O(2n) query complexity. This bound contrasts sharply with the birthday bound of O(2n/2), which was the best MAC security accomplished by earlier constructions.
- Publication
- IEICE TRANSACTIONS on Fundamentals Vol.E94-A No.1 pp.84-91
- Publication Date
- 2011/01/01
- Publicized
- Online ISSN
- 1745-1337
- DOI
- 10.1587/transfun.E94.A.84
- Type of Manuscript
- Special Section PAPER (Special Section on Cryptography and Information Security)
- Category
- Identification
Authors
Keyword
Latest Issue
Copyrights notice of machine-translated contents
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Cite this
Copy
Kan YASUDA, "On the Full MAC Security of a Double-Piped Mode of Operation" in IEICE TRANSACTIONS on Fundamentals,
vol. E94-A, no. 1, pp. 84-91, January 2011, doi: 10.1587/transfun.E94.A.84.
Abstract: We revisit the double-pipe construction introduced by Lucks at Asiacrypt 2005. Lucks originally studied the construction for iterated hash functions and showed that the approach is effective in improving security against various types of collision and (second-)preimage attacks. Instead, in this paper we apply the construction to the secret-key setting, where the underlying FIL (fixed-input-length) compression function is equipped with a dedicated key input. We make some adjustments to Lucks' original design so that now the new mode works with a single key and operates as a domain extension of MACs (message authentication codes). Though more than twice as slow as the Merkle-Damgård construction, the double-piped mode enjoys security strengthened beyond the birthday bound. More specifically, when iterating an FIL-MAC whose output size is n-bit, the new double-piped mode yields an AIL-(arbitrary-input-length-)MAC with security up to O(2n) query complexity. This bound contrasts sharply with the birthday bound of O(2n/2), which was the best MAC security accomplished by earlier constructions.
URL: https://global.ieice.org/en_transactions/fundamentals/10.1587/transfun.E94.A.84/_p
Copy
@ARTICLE{e94-a_1_84,
author={Kan YASUDA, },
journal={IEICE TRANSACTIONS on Fundamentals},
title={On the Full MAC Security of a Double-Piped Mode of Operation},
year={2011},
volume={E94-A},
number={1},
pages={84-91},
abstract={We revisit the double-pipe construction introduced by Lucks at Asiacrypt 2005. Lucks originally studied the construction for iterated hash functions and showed that the approach is effective in improving security against various types of collision and (second-)preimage attacks. Instead, in this paper we apply the construction to the secret-key setting, where the underlying FIL (fixed-input-length) compression function is equipped with a dedicated key input. We make some adjustments to Lucks' original design so that now the new mode works with a single key and operates as a domain extension of MACs (message authentication codes). Though more than twice as slow as the Merkle-Damgård construction, the double-piped mode enjoys security strengthened beyond the birthday bound. More specifically, when iterating an FIL-MAC whose output size is n-bit, the new double-piped mode yields an AIL-(arbitrary-input-length-)MAC with security up to O(2n) query complexity. This bound contrasts sharply with the birthday bound of O(2n/2), which was the best MAC security accomplished by earlier constructions.},
keywords={},
doi={10.1587/transfun.E94.A.84},
ISSN={1745-1337},
month={January},}
Copy
TY - JOUR
TI - On the Full MAC Security of a Double-Piped Mode of Operation
T2 - IEICE TRANSACTIONS on Fundamentals
SP - 84
EP - 91
AU - Kan YASUDA
PY - 2011
DO - 10.1587/transfun.E94.A.84
JO - IEICE TRANSACTIONS on Fundamentals
SN - 1745-1337
VL - E94-A
IS - 1
JA - IEICE TRANSACTIONS on Fundamentals
Y1 - January 2011
AB - We revisit the double-pipe construction introduced by Lucks at Asiacrypt 2005. Lucks originally studied the construction for iterated hash functions and showed that the approach is effective in improving security against various types of collision and (second-)preimage attacks. Instead, in this paper we apply the construction to the secret-key setting, where the underlying FIL (fixed-input-length) compression function is equipped with a dedicated key input. We make some adjustments to Lucks' original design so that now the new mode works with a single key and operates as a domain extension of MACs (message authentication codes). Though more than twice as slow as the Merkle-Damgård construction, the double-piped mode enjoys security strengthened beyond the birthday bound. More specifically, when iterating an FIL-MAC whose output size is n-bit, the new double-piped mode yields an AIL-(arbitrary-input-length-)MAC with security up to O(2n) query complexity. This bound contrasts sharply with the birthday bound of O(2n/2), which was the best MAC security accomplished by earlier constructions.
ER -
English
