Abstract

The security bound is an important evaluation criterion in an authenticated encryption (AE) scheme. Many AE schemes that are widely used have birthday-bound security, which means that the scheme has b/2-bit security, where b is the block size of the underlying primitive. However, due to the increased interest in lightweight cryptography, smaller block-size primitives have been developed, which has led to more active research on AE schemes with beyond birthday-bound security. Although all such AE schemes are secure up to a full-bit (i.e. b-bit) bound at most, Naito et al. proposed the first beyond full-bit-bound secure AE schemes, PFB_Plus and PFBω, at Eurocrypt 2020. PFB_Plus and PFBω achieve 2b-bit security and ωb-bit security, respectively, where ω is a parameter s.t. ω ∈ N. In this work, the author points out a downside of PFBω that was not clearly specified in its proposal paper and resolves it with the proposed scheme, exPFBω. The downside of PFBω is that there is a limitation on each input size; it can process only up to 2b − 2 blocks for each input in spite of its high security bound. The author's scheme, exPFBω, is the first AE to achieve ωb-bit security and has no limitation on each input size for ω ≥ 3.
