Sandwich construction for keyed sponges: independence between capacity and construction queries

In this study, the authors investigate the pseudo-random function (PRF) security of keyed sponges. The ‘capacity’ is a parameter of a keyed sponge that usually determines the dominant term in the PRF-security bound. Previous works improved the capacity term in the PRF-security bound of the ‘prefix’ keyed sponge, where a secret key is prepended to an input message and the resultant value is fed into the sponge function. A tight bound for the capacity term was given by Naito and Yasuda (FSE 2016): for the capacity c, the number of construction queries q and the number of primitive queries Q. Thus, the following question naturally arises: can one construct a keyed sponge with beyond the -bound security? In this study, the authors consider the ‘sandwich’ keyed sponge, where a secret key is both prepended and appended to an input message, and the resultant value is then fed into the sponge function. They prove that the capacity term becomes for the rate r, which is usually and . That is, the dependence between the capacity and construction queries can be removed by the sandwich construction.
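The two keyings the abstract contrasts, as an added example that is not the paper's own code: a toy byte-oriented sponge that builds the ‘prefix’ keyed sponge (key || M) and the ‘sandwich’ keyed sponge (key || M || key) over a constructed placeholder permutation. The rate and capacity sizes (r = c = 32 bits), the xorshift-style toy_perm, pad10*1 applied at byte granularity, and a key that fills exactly one rate block are assumptions of this example, not parameters taken from the paper.

```python
R, C = 4, 4              # rate r and capacity c in bytes (toy: r = c = 32 bits)
B = R + C                # permutation width b = r + c
MASK = (1 << 64) - 1

def toy_perm(state: bytes) -> bytes:
    """Constructed 64-bit bijection (xorshift, odd multiply, constant add); it
    stands in for a real permutation so the example runs offline."""
    x = int.from_bytes(state, "big")
    for rnd in range(8):
        x = (x + 0x9E3779B97F4A7C15 * (rnd + 1)) & MASK
        x ^= (x << 13) & MASK
        x ^= x >> 7
        x ^= (x << 17) & MASK
        x = (x * 0x2545F4914F6CDD1D) & MASK
    return x.to_bytes(B, "big")

def pad10_1(msg: bytes) -> list:
    """pad10*1 at byte granularity (0x01, zeros, 0x80; merged to 0x81 when a
    single byte is added), then split into rate-sized blocks."""
    out = bytearray(msg) + b"\x01"
    while len(out) % R:
        out.append(0)
    out[-1] |= 0x80
    return [bytes(out[i:i + R]) for i in range(0, len(out), R)]

def sponge(blocks: list, out_len: int) -> bytes:
    """Absorb each R-byte block into the outer part, then squeeze out_len bytes."""
    state = bytes(B)
    for blk in blocks:
        outer = bytes(s ^ m for s, m in zip(state[:R], blk))
        state = toy_perm(outer + state[R:])       # inner c bytes never see input
    out = bytearray()
    while len(out) < out_len:
        out += state[:R]
        state = toy_perm(state)
    return bytes(out[:out_len])

def prefix_keyed_sponge(key: bytes, msg: bytes, out_len: int) -> bytes:
    """Prefix construction: key block first, then the padded message blocks; the
    last block absorbed before squeezing is the caller's final message block."""
    assert len(key) == R, "toy assumption: key fills exactly one rate block"
    return sponge([key] + pad10_1(msg), out_len)

def sandwich_keyed_sponge(key: bytes, msg: bytes, out_len: int) -> bytes:
    """Sandwich construction: the key block is absorbed again after the padded
    message, so the final absorbed block is keyed rather than caller-chosen."""
    assert len(key) == R, "toy assumption: key fills exactly one rate block"
    return sponge([key] + pad10_1(msg) + [key], out_len)
```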

Inspec keywords: private key cryptography; security of data; query processing; random functions

Other keywords: sponge function; prefix keyed sponge; secret key; sandwich construction; capacity queries; construction queries; pseudorandom function security; PRF-security bound

Subjects: Other topics in statistics; Cryptography; Data security

References

1. [9] Aumasson, J., Henzen, L., Meier, W., et al.: ‘Quark: a lightweight hash’. CHES, 2010 (LNCS, 6225), pp. 1–15.
2. [5] Bertoni, G., Daemen, J., Peeters, M., et al.: ‘Duplexing the sponge: single-pass authenticated encryption and other applications’. SAC, 2011 (LNCS, 7118), pp. 320–337.
3. [15] Naito, Y., Yasuda, K.: ‘New bounds for keyed sponges with extendable output: independence between capacity and message length’. FSE, 2016 (LNCS, 9783), pp. 3–22.
4. [18] Mennink, B., Reyhanitabar, R., Vizár, D.: ‘Security of full-state keyed sponge and duplex: applications to authenticated encryption’. ASIACRYPT, 2015 (LNCS, 9453), pp. 465–489.
5. [12] Maurer, U.M., Renner, R., Holenstein, C.: ‘Indifferentiability, impossibility results on reductions, and applications to the random oracle methodology’. TCC, 2004 (LNCS, 2951), pp. 21–39.
6. [8] Bertoni, G., Daemen, J., Peeters, M., et al.: ‘Sponge-based pseudo-random number generators’. CHES, 2010 (LNCS, 6225), pp. 33–47.
7. [2] NIST: ‘Announcing request for candidate algorithm nominations for a new cryptographic hash algorithm (SHA-3) family’. Federal Register, 2007, 27, (212), pp. 62212–62220.
8. [14] Gaži, P., Pietrzak, K., Tessaro, S.: ‘The exact PRF security of truncation: tight bounds for keyed sponges and truncated CBC’. CRYPTO, 2015 (LNCS, 9215), part I, pp. 368–387.
9. [19] Patarin, J.: ‘The ‘coefficients H’ technique’. SAC, 2008 (LNCS, 5381), pp. 328–345.
10. [22] Jovanovic, P., Luykx, A., Mennink, B.: ‘Beyond 2^{c/2} security in sponge-based authenticated encryption modes’. ASIACRYPT, 2014 (LNCS, 8873), part I, pp. 85–104.
11. [1] Bertoni, G., Daemen, J., Peeters, M., et al.: ‘On the indifferentiability of the sponge construction’. EUROCRYPT, 2008 (LNCS, 4965), pp. 181–197.
12. [10] Bogdanov, A., Knezevic, M., Leander, G., et al.: ‘SPONGENT: a lightweight hash function’. CHES, 2011 (LNCS, 6917), pp. 312–325.
13. [20] Mouha, N., Mennink, B., Herrewege, A.V., et al.: ‘Chaskey: an efficient MAC algorithm for 32-bit microcontrollers’. SAC, 2014 (LNCS, 8781), pp. 306–323.
14. [13] Andreeva, E., Daemen, J., Mennink, B., et al.: ‘Security of keyed sponge constructions using a modular proof approach’. FSE, 2015 (LNCS, 9054), pp. 364–384.
15. [11] Guo, J., Peyrin, T., Poschmann, A.: ‘The PHOTON family of lightweight hash functions’. CRYPTO, 2011 (LNCS, 6841), pp. 222–239.
16. [3] Bertoni, G., Daemen, J., Peeters, M., et al.: ‘Keccak’. EUROCRYPT, 2013 (LNCS, 7881), pp. 313–314.
17. [6] Bertoni, G., Daemen, J., Peeters, M., et al.: ‘On the security of the keyed sponge construction’. Symmetric Key Encryption Workshop (SKEW), February 2011.
18. [7] Bertoni, G., Daemen, J., Peeters, M., et al.: ‘Permutation-based encryption, authentication and authenticated encryption’. Directions in Authenticated Ciphers, 2012.
19. [17] Yasuda, K.: ‘‘Sandwich’ is indeed secure: how to authenticate a message with just one hashing’. ACISP, 2007 (LNCS, 4586), pp. 355–369.
20. [21] Chen, S., Steinberger, J.P.: ‘Tight security bounds for key-alternating ciphers’. EUROCRYPT, 2014 (LNCS, 8441), pp. 327–350.
21. [4] NIST: ‘SHA-3 Standard: permutation-based hash and extendable-output functions’. FIPS PUB 202, 2015.
22. [16] Tsudik, G.: ‘Message authentication with one-way hash functions’. INFOCOM, pp. 2055–2059.
http://iet.metastore.ingenta.com/content/journals/10.1049/iet-ifs.2017.0027