Sandwich construction for keyed sponges: independence between capacity and construction queries

IET Information Security

In this study, the authors analyse the pseudo-random function (PRF) security of keyed sponges. ‘Capacity’ is a parameter of a keyed sponge that usually defines the dominant term in the PRF-security bound. Previous works have improved the capacity term in the PRF-security bound of the ‘prefix’ keyed sponge, where a secret key is prepended to an input message and the resultant value is then input into the sponge function. A tight bound for the capacity term was given by Naito and Yasuda (FSE 2016): for the capacity c, the number of construction queries q and the number of primitive queries Q. Thus, the following question naturally arises: can they construct a keyed sponge with beyond the -bound security? In this study, they consider the ‘sandwich’ keyed sponge, where a secret key is both prepended and appended to an input message, and the resultant value is then input into the sponge function. They prove that the capacity term becomes for the rate r, which is usually and . That is, the dependence between the capacity and construction queries can be removed by the sandwich construction.
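As an added illustration (not code from the paper), here is a toy Python keyed sponge that realises the two modes the abstract compares: the prefix construction Sponge(K || M) and the sandwich construction Sponge(K || M || K). The permutation, the 4-byte rate and the 8-byte capacity are constructed placeholders chosen for readability rather than a real primitive such as Keccak-f, and the byte-granular pad10*1 padding rule is an assumption of this example.

```python
# Added example (not the paper's code): a toy keyed sponge contrasting the
# "prefix" mode Sponge(K || M) with the "sandwich" mode Sponge(K || M || K).
RATE, CAP = 4, 8                  # r = 32 bits, c = 64 bits (constructed toy sizes)
B = RATE + CAP                    # state width b = r + c bytes
MASK = (1 << (8 * B)) - 1

def toy_perm(state: bytes) -> bytes:
    """Constructed toy permutation on the b-byte state: every step is invertible,
    so it is a bijection, but it has no cryptographic strength whatsoever."""
    x = int.from_bytes(state, "big")
    for i in range(12):
        x ^= x >> 17                                   # xorshift right
        x ^= (x << 7) & MASK                           # xorshift left
        x = (x + 0x9E3779B97F4A7C15 * (i + 1)) & MASK  # round constant
        x = ((x << 29) | (x >> (8 * B - 29))) & MASK   # rotate left
    return x.to_bytes(B, "big")

def pad10star1(data: bytes) -> bytes:
    """Byte-granular pad10*1 (assumed here): append 0x01, zero-fill, then set the
    top bit of the last byte, so the result is a whole number of r-byte blocks."""
    p = bytearray(data) + b"\x01"
    p += b"\x00" * (-len(p) % RATE)
    p[-1] |= 0x80
    return bytes(p)

def sponge(data: bytes, outlen: int) -> bytes:
    """Plain sponge: XOR each r-byte block into the outer (rate) part of the
    state, never touching the c-byte inner (capacity) part directly, then
    squeeze outlen bytes from the rate part."""
    state = bytes(B)
    for i in range(0, len(data), RATE):
        outer = bytes(s ^ m for s, m in zip(state[:RATE], data[i:i + RATE]))
        state = toy_perm(outer + state[RATE:])
    out = b""
    while True:
        out += state[:RATE]
        if len(out) >= outlen:
            return out[:outlen]
        state = toy_perm(state)

def prefix_keyed_sponge(key: bytes, msg: bytes, outlen: int = 16) -> bytes:
    """Prefix mode: the key is prepended to the message, Sponge(K || M)."""
    return sponge(pad10star1(key + msg), outlen)

def sandwich_keyed_sponge(key: bytes, msg: bytes, outlen: int = 16) -> bytes:
    """Sandwich mode: the key is also appended, Sponge(K || M || K); the trailing
    keyed absorption is what the paper credits for removing the capacity term's
    dependence on the construction-query count q."""
    return sponge(pad10star1(key + msg + key), outlen)
```

The two modes share the sponge and padding code; only the keyed input layout differs, which is exactly the change whose PRF bound the paper analyses.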

References

1. Bertoni, G., Daemen, J., Peeters, M., et al.: ‘On the indifferentiability of the sponge construction’. EUROCRYPT, 2008 (LNCS, 4965), pp. 181-197.
2. NIST: ‘Announcing request for candidate algorithm nominations for a new cryptographic hash algorithm (SHA-3) family’. Federal Register, 2007, 27, (212), pp. 62212-62220.
3. Bertoni, G., Daemen, J., Peeters, M., et al.: ‘Keccak’. EUROCRYPT, 2013 (LNCS, 7881), pp. 313-314.
4. NIST: ‘SHA-3 standard: permutation-based hash and extendable-output functions’. FIPS PUB 202, 2015.
5. Bertoni, G., Daemen, J., Peeters, M., et al.: ‘Duplexing the sponge: single-pass authenticated encryption and other applications’. SAC, 2011 (LNCS, 7118), pp. 320-337.
6. Bertoni, G., Daemen, J., Peeters, M., et al.: ‘On the security of the keyed sponge construction’. Symmetric Key Encryption Workshop (SKEW), February 2011.
7. Bertoni, G., Daemen, J., Peeters, M., et al.: ‘Permutation-based encryption, authentication and authenticated encryption’. Directions in Authenticated Ciphers, 2012.
8. Bertoni, G., Daemen, J., Peeters, M., et al.: ‘Sponge-based pseudo-random number generators’. CHES, 2010 (LNCS, 6225), pp. 33-47.
9. Aumasson, J., Henzen, L., Meier, W., et al.: ‘Quark: a lightweight hash’. CHES, 2010 (LNCS, 6225), pp. 1-15.
10. Bogdanov, A., Knezevic, M., Leander, G., et al.: ‘SPONGENT: a lightweight hash function’. CHES, 2011 (LNCS, 6917), pp. 312-325.
11. Guo, J., Peyrin, T., Poschmann, A.: ‘The PHOTON family of lightweight hash functions’. CRYPTO, 2011 (LNCS, 6841), pp. 222-239.
12. Maurer, U.M., Renner, R., Holenstein, C.: ‘Indifferentiability, impossibility results on reductions, and applications to the random oracle methodology’. TCC, 2004 (LNCS, 2951), pp. 21-39.
13. Andreeva, E., Daemen, J., Mennink, B., et al.: ‘Security of keyed sponge constructions using a modular proof approach’. FSE, 2015 (LNCS, 9054), pp. 364-384.
14. Gaži, P., Pietrzak, K., Tessaro, S.: ‘The exact PRF security of truncation: tight bounds for keyed sponges and truncated CBC’. CRYPTO, 2015 (LNCS, 9215), part I, pp. 368-387.
15. Naito, Y., Yasuda, K.: ‘New bounds for keyed sponges with extendable output: independence between capacity and message length’. FSE, 2016 (LNCS, 9783), pp. 3-22.
16. Tsudik, G.: ‘Message authentication with one-way hash functions’. INFOCOM, pp. 2055-2059.
17. Yasuda, K.: ‘“Sandwich” is indeed secure: how to authenticate a message with just one hashing’. ACISP, 2007 (LNCS, 4586), pp. 355-369.
18. Mennink, B., Reyhanitabar, R., Vizár, D.: ‘Security of full-state keyed sponge and duplex: applications to authenticated encryption’. ASIACRYPT, 2015 (LNCS, 9453), pp. 465-489.
19. Patarin, J.: ‘The “coefficients H” technique’. SAC, 2008 (LNCS, 5381), pp. 328-345.
20. Mouha, N., Mennink, B., Herrewege, A.V., et al.: ‘Chaskey: an efficient MAC algorithm for 32 bit microcontrollers’. SAC, 2014 (LNCS, 8781), pp. 306-323.
21. Chen, S., Steinberger, J.P.: ‘Tight security bounds for key-alternating ciphers’. EUROCRYPT, 2014 (LNCS, 8441), pp. 327-350.
22. Jovanovic, P., Luykx, A., Mennink, B.: ‘Beyond 2^(c/2) security in sponge-based authenticated encryption modes’. ASIACRYPT, 2014, vol. 8873, part I, pp. 85-104.
http://iet.metastore.ingenta.com/content/journals/10.1049/iet-ifs.2017.0027