The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. ex. Some numerals are expressed as "XNUMX".
Copyrights notice
The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. Copyrights notice
Nous revisitons la construction à double tube introduite par Lucks à Asiacrypt 2005. Lucks a initialement étudié la construction des fonctions de hachage itérées et a montré que l'approche est efficace pour améliorer la sécurité contre divers types de collisions et d'attaques de (seconde) préimage. Au lieu de cela, dans cet article, nous appliquons la construction au paramètre de clé secrète, où la fonction de compression FIL (fixed-input-length) sous-jacente est équipée d'une entrée de clé dédiée. Nous apportons quelques ajustements à la conception originale de Lucks afin que le nouveau mode fonctionne désormais avec une seule clé et fonctionne comme une extension de domaine des MAC (codes d'authentification de message). Bien que plus de deux fois plus lent que la construction Merkle-Damgård, le mode double canal bénéficie d'une sécurité renforcée au-delà de la limite anniversaire. Plus précisément, lors de l'itération d'un FIL-MAC dont la taille de sortie est n-bit, le nouveau mode double canal produit un AIL-(arbitrary-input-length-)MAC avec une sécurité jusqu'à O(2n) complexité des requêtes. Cette reliure contraste fortement avec la reliure anniversaire de O(2n/2), qui était la meilleure sécurité MAC réalisée par les constructions antérieures.
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Copier
Kan YASUDA, "On the Full MAC Security of a Double-Piped Mode of Operation" in IEICE TRANSACTIONS on Fundamentals,
vol. E94-A, no. 1, pp. 84-91, January 2011, doi: 10.1587/transfun.E94.A.84.
Abstract: We revisit the double-pipe construction introduced by Lucks at Asiacrypt 2005. Lucks originally studied the construction for iterated hash functions and showed that the approach is effective in improving security against various types of collision and (second-)preimage attacks. Instead, in this paper we apply the construction to the secret-key setting, where the underlying FIL (fixed-input-length) compression function is equipped with a dedicated key input. We make some adjustments to Lucks' original design so that now the new mode works with a single key and operates as a domain extension of MACs (message authentication codes). Though more than twice as slow as the Merkle-Damgård construction, the double-piped mode enjoys security strengthened beyond the birthday bound. More specifically, when iterating an FIL-MAC whose output size is n-bit, the new double-piped mode yields an AIL-(arbitrary-input-length-)MAC with security up to O(2n) query complexity. This bound contrasts sharply with the birthday bound of O(2n/2), which was the best MAC security accomplished by earlier constructions.
URL: https://global.ieice.org/en_transactions/fundamentals/10.1587/transfun.E94.A.84/_p
Copier
@ARTICLE{e94-a_1_84,
author={Kan YASUDA, },
journal={IEICE TRANSACTIONS on Fundamentals},
title={On the Full MAC Security of a Double-Piped Mode of Operation},
year={2011},
volume={E94-A},
number={1},
pages={84-91},
abstract={We revisit the double-pipe construction introduced by Lucks at Asiacrypt 2005. Lucks originally studied the construction for iterated hash functions and showed that the approach is effective in improving security against various types of collision and (second-)preimage attacks. Instead, in this paper we apply the construction to the secret-key setting, where the underlying FIL (fixed-input-length) compression function is equipped with a dedicated key input. We make some adjustments to Lucks' original design so that now the new mode works with a single key and operates as a domain extension of MACs (message authentication codes). Though more than twice as slow as the Merkle-Damgård construction, the double-piped mode enjoys security strengthened beyond the birthday bound. More specifically, when iterating an FIL-MAC whose output size is n-bit, the new double-piped mode yields an AIL-(arbitrary-input-length-)MAC with security up to O(2n) query complexity. This bound contrasts sharply with the birthday bound of O(2n/2), which was the best MAC security accomplished by earlier constructions.},
keywords={},
doi={10.1587/transfun.E94.A.84},
ISSN={1745-1337},
month={January},}
Copier
TY - JOUR
TI - On the Full MAC Security of a Double-Piped Mode of Operation
T2 - IEICE TRANSACTIONS on Fundamentals
SP - 84
EP - 91
AU - Kan YASUDA
PY - 2011
DO - 10.1587/transfun.E94.A.84
JO - IEICE TRANSACTIONS on Fundamentals
SN - 1745-1337
VL - E94-A
IS - 1
JA - IEICE TRANSACTIONS on Fundamentals
Y1 - January 2011
AB - We revisit the double-pipe construction introduced by Lucks at Asiacrypt 2005. Lucks originally studied the construction for iterated hash functions and showed that the approach is effective in improving security against various types of collision and (second-)preimage attacks. Instead, in this paper we apply the construction to the secret-key setting, where the underlying FIL (fixed-input-length) compression function is equipped with a dedicated key input. We make some adjustments to Lucks' original design so that now the new mode works with a single key and operates as a domain extension of MACs (message authentication codes). Though more than twice as slow as the Merkle-Damgård construction, the double-piped mode enjoys security strengthened beyond the birthday bound. More specifically, when iterating an FIL-MAC whose output size is n-bit, the new double-piped mode yields an AIL-(arbitrary-input-length-)MAC with security up to O(2n) query complexity. This bound contrasts sharply with the birthday bound of O(2n/2), which was the best MAC security accomplished by earlier constructions.
ER -