TU Darmstadt / ULB / TUbiblio

The Committing Security of MACs with Applications to Generic Composition

Bhaumik, Ritam ; Chakraborty, Bishwajit ; Choi, Wonseok ; Dutta, Avijit ; Govinden, Jérôme ; Shen, Yaobin (2024)
The Committing Security of MACs with Applications to Generic Composition.
44th Annual International Cryptology Conference (CRYPTO 2024). Santa Barbara, USA (18.-22.08.2024)
Konferenzveröffentlichung, Bibliographie

Kurzbeschreibung (Abstract)

Message Authentication Codes (MACs) are ubiquitous primitives deployed in multiple flavors through standards such as HMAC, CMAC, GMAC, LightMAC, and many others. Its versatility makes it an essential building block in applications necessitating message authentication and integrity checks, in authentication protocols, authenticated encryption schemes, or as a pseudorandom or key derivation function. Its usage in this variety of settings makes it susceptible to a broad range of attack scenarios. The latest attack trends leverage a lack of commitment or context-discovery security in AEAD schemes and these attacks are mainly due to the weakness in the underlying MAC part. However, these new attack models have been scarcely analyzed for MACs themselves. This paper provides a thorough treatment of MACs committing and context-discovery security. We reveal that commitment and context-discovery security of MACs have their own interest by highlighting real-world vulnerable scenarios. We formalize the required security notions for MACs, and analyze the security of standardized MACs for these notions. Additionally, as a constructive application, we analyze generic AEAD composition and provide simple and efficient ways to build committing and context-discovery secure AEADs.

Typ des Eintrags: Konferenzveröffentlichung
Erschienen: 2024
Autor(en): Bhaumik, Ritam ; Chakraborty, Bishwajit ; Choi, Wonseok ; Dutta, Avijit ; Govinden, Jérôme ; Shen, Yaobin
Art des Eintrags: Bibliographie
Titel: The Committing Security of MACs with Applications to Generic Composition
Sprache: Englisch
Publikationsjahr: 2024
Veranstaltungstitel: 44th Annual International Cryptology Conference (CRYPTO 2024)
Veranstaltungsort: Santa Barbara, USA
Veranstaltungsdatum: 18.-22.08.2024
Zugehörige Links:
Kurzbeschreibung (Abstract):

Message Authentication Codes (MACs) are ubiquitous primitives deployed in multiple flavors through standards such as HMAC, CMAC, GMAC, LightMAC, and many others. Its versatility makes it an essential building block in applications necessitating message authentication and integrity checks, in authentication protocols, authenticated encryption schemes, or as a pseudorandom or key derivation function. Its usage in this variety of settings makes it susceptible to a broad range of attack scenarios. The latest attack trends leverage a lack of commitment or context-discovery security in AEAD schemes and these attacks are mainly due to the weakness in the underlying MAC part. However, these new attack models have been scarcely analyzed for MACs themselves. This paper provides a thorough treatment of MACs committing and context-discovery security. We reveal that commitment and context-discovery security of MACs have their own interest by highlighting real-world vulnerable scenarios. We formalize the required security notions for MACs, and analyze the security of standardized MACs for these notions. Additionally, as a constructive application, we analyze generic AEAD composition and provide simple and efficient ways to build committing and context-discovery secure AEADs.

Fachbereich(e)/-gebiet(e): 20 Fachbereich Informatik
20 Fachbereich Informatik > Kryptographie und Komplexitätstheorie
Profilbereiche
Profilbereiche > Cybersicherheit (CYSEC)
LOEWE
LOEWE > LOEWE-Zentren
LOEWE > LOEWE-Zentren > CRISP - Center for Research in Security and Privacy
Hinterlegungsdatum: 17 Jun 2024 11:14
Letzte Änderung: 17 Jun 2024 11:14
PPN:
Export:
Suche nach Titel in: TUfind oder in Google
Frage zum Eintrag Frage zum Eintrag

Optionen (nur für Redakteure)
Redaktionelle Details anzeigen Redaktionelle Details anzeigen