Paper 2017/260

Message-Recovery MACs and Verification-Unskippable AE

Shoichi Hirose, Yu Sasaki, and Kan Yasuda

Abstract

This paper explores a new type of MACs called message-recovery MACs (MRMACs). MRMACs have an additional input $R$ that gets recovered upon verification. Receivers must execute verification in order to recover $R$, making the verification process unskippable. Such a feature helps avoid mis-implementing verification algorithms. The syntax and security notions of MRMACs are rigorously formulated. In particular, we formalize the notion of unskippability and present a construction of an unskippable MRMAC from a tweakable cipher and a universal hash function. Our construction is provided with formal security proofs. We extend the idea of MRMACs to a new type of authenticated encryption called verification-unskippable AE (VUAE). We propose a generic Enc-then-MRMAC composition which realizes VUAE. The encryption part needs to satisfy a new security notion called one-time undecipherability. We provide three constructions that are one-time undecipherable, and they are proven secure under various security models.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Preprint. MINOR revision.
Keywords
message recovery MACs, authenticated encryption, unskippability, one-time undecipherability, CTR mode, Even-Mansour, FX
Contact author(s)
hrs_shch @ u-fukui ac jp
History
2017-03-25: received
Short URL
https://ia.cr/2017/260
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2017/260,
      author = {Shoichi Hirose and Yu Sasaki and Kan Yasuda},
      title = {Message-Recovery MACs and Verification-Unskippable AE},
      howpublished = {Cryptology ePrint Archive, Paper 2017/260},
      year = {2017},
      note = {\url{https://eprint.iacr.org/2017/260}},
      url = {https://eprint.iacr.org/2017/260}
}