Lund University Publications

Revisiting Leakage-Resilient MACs and Succinctly-Committing AEAD : More Applications of Pseudo-Random Injections

Khairallah, Mustafa LU (2025) In Transactions on Symmetric Cryptology 2025 1.
Abstract
Pseudo-Random Injections (PRIs) have been used in several applications in symmetric-key cryptography, such as in the idealization of Authenticated Encryption with Associated Data (AEAD) schemes, building robust AEAD, and, recently, in converting a committing AEAD scheme into a succinctly committing AEAD scheme. In Crypto 2024, Bellare and Hoang showed that if an AEAD scheme is already committing, it can be transformed into a succinctly committing scheme by encrypting part of the plaintext using a PRI. In this paper, we revisit the applications of PRIs in building Message Authentication Codes (MACs) and AEAD schemes. First, we look at some of the properties and definitions of PRIs, such as collision resistance and unforgeability when used as a MAC with small plaintext space, under different leakage models. Next, we show how they can be combined with collision-resistant hash functions to build a MAC for long plaintexts, offering flexible security depending on how the PRI and equality check are implemented. If both the PRI and equality check are leak-free, the MAC provides almost optimal security, but the security only degrades a little if the equality check is only leakage-resilient (rather than leak-free). If the equality check has unbounded leakage, the security drops to a baseline security, rather than being completely insecure. Next, we show how to use PRIs to build a succinctly committing online AEAD scheme dubbed as scoAE from scratch that achieves succinct CMT-4 security, privacy, and Ciphertext Integrity with Misuse and Leakage (CIML) security. Last but not least, we show how to build a succinct nonce Misuse-Resistant (MRAE) AEAD scheme, dubbed as scMRAE. The construction combines the SIV paradigm with PRI-based encryption (e.g. the Encode-then-Encipher (EtE) framework).
type: Working paper/Preprint
publication status: published
in: Transactions on Symmetric Cryptology 2025
volume: 1
publisher: IACR
language: English
LU publication?: yes
id: 909f5050-c06a-4d84-9091-6957d80a2654
alternative location: https://eprint.iacr.org/2024/1813
date added to LUP: 2025-01-02 10:48:54
date last changed: 2025-04-04 14:36:24

@misc{909f5050-c06a-4d84-9091-6957d80a2654,
  abstract     = {{Pseudo-Random Injections (PRIs) have been used in several applications in symmetric-key cryptography, such as in the idealization of Authenticated Encryption with Associated Data (AEAD) schemes, building robust AEAD, and, recently, in converting a committing AEAD scheme into a succinctly committing AEAD scheme. In Crypto 2024, Bellare and Hoang showed that if an AEAD scheme is already committing, it can be transformed into a succinctly committing scheme by encrypting part of the plaintext using a PRI. In this paper, we revisit the applications of PRIs in building Message Authentication Codes (MACs) and AEAD schemes. First, we look at some of the properties and definitions of PRIs, such as collision resistance and unforgeability when used as a MAC with small plaintext space, under different leakage models. Next, we show how they can be combined with collision-resistant hash functions to build a MAC for long plaintexts, offering flexible security depending on how the PRI and equality check are implemented. If both the PRI and equality check are leak-free, the MAC provides almost optimal security, but the security only degrades a little if the equality check is only leakage-resilient (rather than leak-free). If the equality check has unbounded leakage, the security drops to a baseline security, rather than being completely insecure. Next, we show how to use PRIs to build a succinctly committing online AEAD scheme dubbed as scoAE from scratch that achieves succinct CMT-4 security, privacy, and Ciphertext Integrity with Misuse and Leakage (CIML) security. Last but not least, we show how to build a succinct nonce Misuse-Resistant (MRAE) AEAD scheme, dubbed as scMRAE. The construction combines the SIV paradigm with PRI-based encryption (e.g. the Encode-then-Encipher (EtE) framework).}},
  author       = {{Khairallah, Mustafa}},
  language     = {{eng}},
  note         = {{Preprint}},
  publisher    = {{IACR}},
  series       = {{Transactions on Symmetric Cryptology 2025}},
  title        = {{Revisiting Leakage-Resilient MACs and Succinctly-Committing AEAD : More Applications of Pseudo-Random Injections}},
  url          = {{https://eprint.iacr.org/2024/1813}},
  volume       = {{1}},
  year         = {{2025}},
}