Revisiting Leakage-Resilient MACs and Succinctly-Committing AEAD

Bibliographic Details
Main Author: Mustafa Khairallah
Format: Article
Language: English
Published: Ruhr-Universität Bochum 2025-03-01
Series: IACR Transactions on Symmetric Cryptology
Subjects:
Online Access: https://tosc.iacr.org/index.php/ToSC/article/view/12075
collection DOAJ
description Pseudo-Random Injections (PRIs) have been used in several applications in symmetric-key cryptography, such as in the idealization of Authenticated Encryption with Associated Data (AEAD) schemes, building robust AEAD, and, recently, in converting a committing AEAD scheme into a succinctly committing AEAD scheme. In Crypto 2024, Bellare and Hoang showed that if an AEAD scheme is already committing, it can be transformed into a succinctly committing scheme by encrypting part of the plaintext using a PRI. In this paper, we revisit the applications of PRIs in building Message Authentication Codes (MACs) and AEAD schemes. First, we look at some of the properties and definitions of PRIs, such as collision resistance and unforgeability when used as a MAC with a small plaintext space, under different leakage models. Next, we show how they can be combined with collision-resistant hash functions to build a MAC for long plaintexts, offering flexible security depending on how the PRI and equality check are implemented. If both the PRI and equality check are leak-free, the MAC provides almost optimal security, but the security only degrades a little if the equality check is only leakage-resilient (rather than leak-free). If the equality check has unbounded leakage, the security drops to a baseline security rather than being completely insecure. Next, we show how to use PRIs to build a succinctly committing online AEAD scheme from scratch, dubbed as scoAE. It achieves succinct CMT4 security, privacy, and Ciphertext Integrity with Misuse and Leakage (CIML2) security. Last but not least, we show how to build a succinctly committing nonce Misuse-Resistant (MRAE) AEAD scheme, dubbed as scMRAE. The construction combines the SIV paradigm with PRI-based encryption (e.g., the Encode-then-Encipher (EtE) framework).
format Article
id doaj-art-a356d71a5e3e4eb1afdb678e6b099d2c
institution OA Journals
issn 2519-173X
language English
publishDate 2025-03-01
publisher Ruhr-Universität Bochum
record_format Article
series IACR Transactions on Symmetric Cryptology
spelling Mustafa Khairallah (Dept. of Electrical and Information Technology, Lund University, Lund, Sweden; Nanyang Technological University, Singapore, Singapore). Revisiting Leakage-Resilient MACs and Succinctly-Committing AEAD. IACR Transactions on Symmetric Cryptology, 2025(1), 2025-03-01. Ruhr-Universität Bochum. ISSN 2519-173X. DOI 10.46586/tosc.v2025.i1.211-239. https://tosc.iacr.org/index.php/ToSC/article/view/12075
topic Context Commitment
Succinct
AEAD
MAC
Leakage Resilience