Abstract

In FSE'16, Luykx et al. proposed $\textsf{LightMAC}$, which achieves query-length-independent security of $ O(q^2/2^n) $ when instantiated with two independently keyed block ciphers. This high security comes at the cost of reducing the data injection rate to $ (n-s) $ bits per primitive invocation and restricting the query length to at most $ (n-s)2^s $ bits, for a fixed counter size $ s $. Recently, in ASIACRYPT'21, Chattopadhyay et al. showed that $\textsf{LightMAC}$ achieves the same security even when instantiated with a single keyed block cipher; however, their result limits the length of a message to $ (n-s) \min\{2^{n/4}, 2^s\} $ bits for a fixed counter size $ s $. In this paper, we propose $\textsf{LightFORK}$, a forkcipher variant of $\textsf{LightMAC}$ that achieves an improved query-length-independent security bound of the order of $ O(q^2/2^{n+s}) $ while maintaining full $ n $-bit message injection per primitive call, where $ n $ and $ s $ denote the block size and tweak size of the forkcipher, respectively. The maximum message length is also increased to $ n2^{n/6+s/2} $ bits. Our security proof is based on a new technique called resetting with delayed sampling, an extension of the reset-sampling technique of Chattopadhyay et al.
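To make the rate and length-limit trade-off of the two-key $\textsf{LightMAC}$ baseline concrete, here is an added reference implementation (not code from the paper). It uses a toy Feistel permutation as a stand-in block cipher, which is an assumption made only so the example runs offline; each primitive call absorbs $n-s$ message bits behind an $s$-bit counter, and the length check enforces the $(n-s)2^s$-bit limit stated above.

```python
import hashlib


def toy_block_cipher(key: bytes, n_bytes: int = 16, rounds: int = 8):
    """Stand-in keyed permutation (Feistel network over SHA-256).
    It is NOT a secure block cipher; swap in AES for real use."""
    half = n_bytes // 2

    def f(r: int, x: bytes) -> bytes:
        return hashlib.sha256(key + bytes([r]) + x).digest()[:half]

    def encrypt(block: bytes) -> bytes:
        assert len(block) == n_bytes
        left, right = block[:half], block[half:]
        for r in range(rounds):
            left, right = right, bytes(a ^ b for a, b in zip(left, f(r, right)))
        return left + right

    return encrypt


def max_message_bits(n: int, s: int) -> int:
    """Length limit of two-key LightMAC: (n-s) * 2^s bits."""
    return (n - s) * (1 << s)


def lightmac(e1, e2, msg: bytes, n: int = 128, s: int = 16) -> bytes:
    """Two-key LightMAC: T = e2( pad(M_l) XOR XOR_{i<l} e1(i_s || M_i) ).
    Each e1 call injects only n-s message bits; s bits carry the counter."""
    assert n % 8 == 0 and s % 8 == 0 and 0 < s < n
    assert 8 * len(msg) <= max_message_bits(n, s), "message exceeds (n-s)2^s bits"
    rate, ctr_len, blk = (n - s) // 8, s // 8, n // 8
    # Split into (n-s)-bit blocks; the last block may be short (or empty).
    blocks = [msg[i:i + rate] for i in range(0, len(msg), rate)] or [b""]
    acc = bytearray(blk)
    for i, m in enumerate(blocks[:-1], start=1):
        # The s-bit counter never wraps: at most 2^s - 1 full blocks precede M_l.
        for j, b in enumerate(e1(i.to_bytes(ctr_len, "big") + m)):
            acc[j] ^= b
    last = blocks[-1]
    padded = last + b"\x80" + b"\x00" * (blk - len(last) - 1)  # 10* padding
    for j, b in enumerate(padded):
        acc[j] ^= b
    return e2(bytes(acc))
```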
