We propose a new mode of operation called ZMAC that constructs a (stateless and deterministic) message authentication code (MAC) from a tweakable block cipher (TBC). When using a TBC with n-bit blocks and t-bit tweaks, our construction provides security (as a variable-input-length PRF) beyond the birthday bound with respect to the block length n and processes n + t bits of input per TBC call. In comparison, previous TBC-based modes such as PMAC1, the TBC-based generalization of the seminal PMAC mode (Black and Rogaway, EUROCRYPT 2002), or PMAC_TBC1k (Naito, ProvSec 2015) process only n bits of input per TBC call. Since a TBC with n-bit blocks and t-bit tweaks can process at most n + t bits of input per call, the efficiency of our construction is essentially optimal, while still achieving beyond-birthday-bound security. The ZMAC mode is fully parallelizable and can be directly instantiated with several concrete TBC proposals, such as Deoxys and SKINNY. We also use ZMAC to construct a stateless and deterministic authenticated encryption scheme called ZAE, which is very efficient and secure beyond the birthday bound.
Iwata, T., Minematsu, K., Peyrin, T., & Seurin, Y. (2017). ZMAC: A fast tweakable block cipher mode for highly secure message authentication. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 10403 LNCS, pp. 34–65). Springer Verlag. https://doi.org/10.1007/978-3-319-63697-9_2