Abstract
In this paper, we study the efficiency of \(\mathsf {ZMAC}\)-type message authentication codes (MACs). \(\mathsf {ZMAC}\) was proposed by Iwata et al. (CRYPTO 2017) and is a highly efficient and highly secure MAC based on tweakable blockcipher (TBC). \(\mathsf {ZMAC}\) achieves the so-called beyond-birthday-bound security: security up to \(2^{\min \{b, (b+t)/2\}}\) TBC calls, using a TBC with the input-block space \(\{0,1\}^b\) and the tweak space \(\mathcal {TW}= \mathcal {I}\times \{0,1\}^t\) where \(\mathcal {I}\) is a set with \(|\mathcal {I}| = 5\) and is used for tweak separations. In the hash function, the \(b\)-bit and \(t\)-bit spaces are used to take message blocks (in previous MACs, only the \(b\)-bit input-block space is used). In the finalization function, a TBC is called twice, and these spaces are not used. List and Nandi (ToSC 2017, Issue 4) proposed \(\mathsf {ZMAC}^+\), a variant of \(\mathsf {ZMAC}\), where one TBC call is removed from the finalization function. Although both the \(b\)-bit and \(t\)-bit spaces in the hash function are used to take message blocks, those in the finalization function are not used. That rises the following question with the aim of improving the efficiency: can these spaces be used while retaining the same level of security as \(\mathsf {ZMAC}\)? In this paper, we consider the following three \(\mathsf {ZMAC}\)-type MACs.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
