LightMAC: Fork it and Make it faster

In FSE'16, Lyukx et al. Have proposed LightMAC that achieves a query length independent security of  O(q²/2ⁿ)  when instantiated with two independently keyed block ciphers. This high security comes at the cost of reducing the data injection rate to (n - s) bits per primitive invocation and restricting the query length up to (n - s)2⁸  bits, for a fixed counter size s. Recently in ASIACRYPT'21, Chattopadhyay et al. have shown that LightMAC achieves the same security even when it is instantiated with a single keyed block cipher. However, it limits the length of a message to (n - s) min {2^n/4, 2⁸}  bits for a fixed counter size . In this paper, we propose LightFORK , a forkcipher variant of LightMAC that achieves an improved query length independent security bound of the order of O(q²/2ⁿ⁺⁸), maintaining full n bit message injection per primitive call, where n and s denote the block size and tweak size of the forkcipher respectively. The maximum message length is also increased to n2^n/6+s/2 bits. Our security proof is based on a new technique called resetting with delayed sampling, which is an extension of the reset-sampling technique of Chattopadhyay et al.

Keywords
Symmetric-key Cryptography, Forkcipher, Provable Security, LightMAC, H-coefficient.

Autores:

Cuauhtemoc Mancillas López.

Revista

American Institute of Mathematical Sciences.

DOI: 10.3934/amc.2022100