Skip to main content
Conference Proceedings

On the Post-quantum Security of Classical Authenticated Encryption Schemes

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2023) 14064 LNCS 79-104
DOI: 10.1007/978-3-031-37679-5_4
0Citations
Citations of this article
2Readers
Mendeley users who have this article in their library.
Get full text

Abstract

We study the post-quantum security of authenticated encryption (AE) schemes, designed with classical security in mind. Under superposition attacks, many CBC-MAC variants have been broken, and AE modes employing those variants, such as EAX and GCM, thus fail at authenticity. As we show, the same modes are IND-qCPA insecure, i.e., they fail to provide privacy under superposition attacks. However, a constrained version of GCM is IND-qCPA secure, and a nonce-based variant of the CBC-MAC is secure under superposition queries. Further, the combination of classical authenticity and classical chosen-plaintext privacy thwarts attacks with superposition chosen-ciphertext and classical chosen-plaintext queries – a security notion that we refer to as IND-qdCCA. And nonce-based key derivation allows generically turning an IND-qdCCA secure scheme into an IND-qCCA secure scheme.

Author supplied keywords

Cite

CITATION STYLE

APA

Lang, N., & Lucks, S. (2023). On the Post-quantum Security of Classical Authenticated Encryption Schemes. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 14064 LNCS, pp. 79–104). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-37679-5_4

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free