Sciweavers

IACR
2016

Revisiting Structure Graph and Its Applications to CBC-MAC and EMAC

8 years 8 months ago
Revisiting Structure Graph and Its Applications to CBC-MAC and EMAC
In Crypto’05, Bellare et al. proved O( q2 /2n ) bound for the PRF (pseudorandom function) security of the CBC-MAC based on an n-bit random permutation Π, provided < 2n/3 . Here an adversary can make at most q prefix-free queries each having at most “blocks” (elements of {0, 1}n ). In the same paper O( o(1) q2 /2n ) bound for EMAC (or encrypted CBC-MAC) was proved, provided < 2n/4 . Both proofs are based on structure graphs representing all collisions among “intermediate inputs” to Π during the computation of CBC. The problem of bounding PRF-advantage is shown to be reduced to bounding the number of structure graphs satisfying certain collision patterns. Unfortunately, we have shown here that the Lemma 10 in the Crypto’05 paper, stating an important result on structure graphs, is incorrect. This is due to the fact that the authors overlooked certain structure graphs. This invalidates the proofs of the PRF bounds. In ICALP’06, Pietrzak improved the bound for EMAC b...
Ashwin Jha, Mridul Nandi
Added 03 Apr 2016
Updated 03 Apr 2016
Type Journal
Year 2016
Where IACR
Authors Ashwin Jha, Mridul Nandi
Comments (0)