PMAC+; LIGHTMAC+; Sum of Even-Mansour; tight security; symmetric-key cryptography
Abstract :
[en] In this paper, we define a special class of systems of linear equations over finite fields that arise in the security analysis of various MAC and PRF modes. We establish lower bounds on the number of solutions for these systems under specific restrictions and use them to derive tight PRF security for several constructions. Specifically, we prove security up to O(2^{3n/4}) queries for the single-keyed variant of the Double-block Hash-then-Sum construction, called 1k-DBHTS, assuming appropriate hash function properties. We show that the single-keyed variants of PMAC+ and LIGHTMAC+, called 1k-PMAC+ and 1k-LIGHTMAC+ satisfy these properties, achieving security up to O(2^{3n/4}) queries. Additionally, we show that the sum of $r$ independent Even-Mansour ciphers is secure up to O(2^{(r/(r+1)) n}) queries.
