DOI: 10.1007/978-3-031-38548-3_20

On the Security of Keyed Hashing Based on Public Permutations

Published: 20 August 2023

Abstract

Doubly-extendable cryptographic keyed functions (deck) generalize the concept of message authentication codes (MAC) and stream ciphers in that they support variable-length strings as input and return variable-length strings as output. A prominent example of building deck functions is Farfalle, which consists of a set of public permutations and rolling functions that are used in its compression and expansion layers. By generalizing the compression layer of Farfalle, we prove its universality in terms of the probability of differentials over the public permutation used in it. As the compression layer of Farfalle is inherently parallel, we compare it to a generalization of a serial compression function inspired by Pelican-MAC. The same public permutation may result in different universalities depending on whether the compression is done in parallel or serial. The parallel construction consistently performs better than the serial one, sometimes by a big factor. We demonstrate this effect using Xoodoo[3], which is a round-reduced variant of the public permutation used in the deck function Xoofff.
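The abstract's central point is that the same public permutation can give different universality (the maximum collision probability over the key for two distinct messages) depending on whether the message blocks are compressed in parallel, Farfalle-style, or serially, Pelican-MAC-style, and that the bound is expressed through the permutation's differential probabilities. The script below is an added illustration, not code from the paper or from the Xoodoo/Xoofff projects. Its assumptions: the public permutation is inversion in GF(2^4) (a constructed 4-bit stand-in, not Xoodoo[3]); messages are exactly two 4-bit blocks; the Farfalle key blocks are modelled as independent uniform values rather than being derived from one key by a rolling function; the names `parallel_compress`, `serial_compress`, `universality` and `max_differential_probability` are this example's own. It exhaustively computes both universalities and the permutation's maximum differential probability so the three numbers can be compared directly.

```python
from fractions import Fraction
from itertools import product

# Toy stand-in for the public permutation: inversion in GF(2^4) with modulus
# x^4 + x + 1, and 0 -> 0. Constructed for this example; it is NOT Xoodoo[3].
N_BITS = 4
BLOCKS = list(range(1 << N_BITS))
POLY = 0b10011  # x^4 + x + 1


def gf16_mul(a, b):
    """Multiply two elements of GF(2^4) (shift-and-add with reduction)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a & (1 << N_BITS):
            a ^= POLY
    return r


def _inverse_sbox():
    """Table of x -> x^-1 in GF(2^4), with 0 -> 0; this is the permutation f."""
    sbox = [0] * len(BLOCKS)
    for x in BLOCKS[1:]:
        sbox[x] = next(y for y in BLOCKS[1:] if gf16_mul(x, y) == 1)
    return sbox


PERM = _inverse_sbox()


def parallel_compress(key, msg):
    """Farfalle-style compression (simplified): each block gets its own key
    block, is permuted on its own, and the permuted blocks are XORed together.
    Assumption: key blocks are independent uniform values, not rolled keys."""
    return PERM[key[0] ^ msg[0]] ^ PERM[key[1] ^ msg[1]]


def serial_compress(key, msg):
    """Pelican-MAC-style compression: a single chaining state; each block is
    XORed into the state and the state is then permuted."""
    state = key
    for m in msg:
        state = PERM[state ^ m]
    return state


PARALLEL_KEYS = list(product(BLOCKS, repeat=2))  # one 4-bit key block per message block
SERIAL_KEYS = BLOCKS                              # one 4-bit key as the initial state


def collision_probability(compress, keys, msg_a, msg_b):
    """Pr over a uniform key that two messages compress to the same value."""
    hits = sum(1 for k in keys if compress(k, msg_a) == compress(k, msg_b))
    return Fraction(hits, len(keys))


def universality(compress, keys):
    """epsilon = max over distinct two-block messages of the collision probability.
    Every block is XORed with a uniform key block before it enters the permutation,
    so the probability depends only on the block-wise difference M xor M'; fixing
    M = (0, 0) and ranging over every other M' therefore covers all pairs."""
    base = (0, 0)
    return max(collision_probability(compress, keys, base, other)
               for other in product(BLOCKS, repeat=2) if other != base)


def max_differential_probability():
    """Largest DP(a -> b) of PERM over non-zero input differences a."""
    best = 0
    for a in BLOCKS[1:]:
        counts = [0] * len(BLOCKS)
        for x in BLOCKS:
            counts[PERM[x] ^ PERM[x ^ a]] += 1
        best = max(best, max(counts))
    return Fraction(best, len(BLOCKS))


def serial_universality():
    return universality(serial_compress, SERIAL_KEYS)


def parallel_universality():
    return universality(parallel_compress, PARALLEL_KEYS)


if __name__ == "__main__":
    print("max differential probability of f :", max_differential_probability())
    print("serial   (Pelican-style) epsilon  :", serial_universality())
    print("parallel (Farfalle-style) epsilon :", parallel_universality())
```

On this toy permutation the serial construction's universality coincides with the permutation's maximum differential probability (1/4), because a two-block collision in the serial chain is exactly one differential f(x) xor f(x xor a) = b over the key-randomised input x. The parallel construction lands at 5/32: a collision there requires two independently keyed blocks to produce the same output difference, so its probability is a sum of squared differential probabilities, which is smaller whenever the permutation's differential spectrum is spread over several output differences. How large the gap is depends on that spectrum, which is what the abstract reports for Xoodoo[3].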


Published In

Advances in Cryptology – CRYPTO 2023: 43rd Annual International Cryptology Conference, CRYPTO 2023, Santa Barbara, CA, USA, August 20–24, 2023, Proceedings, Part III
Aug 2023
807 pages
ISBN:978-3-031-38547-6
DOI:10.1007/978-3-031-38548-3

Publisher

Springer-Verlag

Berlin, Heidelberg


Author Tags

  1. keyed hashing
  2. public permutations
  3. universal hashing
  4. parallel
  5. serial
  6. differential probability
