miscreant/meta

SIVx / PMAC2x

tarcieri opened this issue · 2 comments

See Revisiting Full-PRF-Secure PMAC and Using It for Beyond-Birthday Authenticated Encryption

This paper proposes an authenticated encryption scheme, called SIVx, that preserves BBB security also without the requirement for nonces. For this purpose, we propose a single-key BBB-secure message authentication code with 2n-bit outputs, called PMAC2x, based on a tweakable block cipher. PMAC2x is motivated by PMAC_TBC1k by Naito; we revisit its security proof and point out an invalid assumption. As a remedy, we provide an alternative proof for our construction, and derive a corrected bound for PMAC_TBC1k.

Related issue: #76

Cryptanalysis of SIVx / PMAC2x: https://eprint.iacr.org/2017/220.pdf

Given the cryptanalysis result, this probably isn't worth considering for now.