Dissertation and Thesis

Permanent URI for this communityhttp://164.52.219.250:4000/handle/10263/2146

Browse

Subject: search.filters.subject.MAC

Search Results

Now showing 1 - 3 of 3
  • No Thumbnail Available
    Item
    Design and Analysis of Some Symmetric Key Schemes for Encryption and Authentication
    (Indian Statistical Institute, Kolkata, 2024) Kundu, Samir
    This thesis mainly focuses on the design and analysis of tweakable enciphering schemes (TESs) and message authentication codes (MACs). Tweakable enciphering schemes are length preserving encryption schemes that provide security of a strong tweakable pseudorandom permutation. There are several constructions of TES using block ciphers as the main cryptographic primitive. Recently, public random permutations have been widely considered as a replacement for block ciphers in several cryptographic schemes, including Authenticated Encryption (AE) schemes, MACs, etc. However, to the best of our knowledge, a systematic study of constructing TESs using public random permutations is missing. We fill this gap by constructing TES using public permutations. We propose two main constructions with several variants. The basic construction, which we call ppTES is generically constructed using a public random permutation, a length expanding pseudorandom function (PRF) based on public random permutations and an almost xor-universal and almost-regular (AXUAR) hash function. We show a concrete instantiation of ppTES and prove its security using the H-Coefficient technique. ppTES requires both forward and inverse calls to the public random permutation. Most public random permutations are designed with the goal of making the forward calls extremely fast. Thus, a TES construction that does not need computing the inverse of a permutation will have better efficiency. This fact leads us to design a TES that uses a public permutation but does not require the inverse calls to the permutation. We call this construction as IpTES. In addition to a public permutation, IpTES uses an AXUAR hash function. To ensure the inverse free property, we suitably use a two-round Feistel structure. We prove that IpTES is a birthday bound secure public permutation based TES. The rest of the work is on MACs. TrCBC is a variant of the famous CBC MAC which was proposed by Zhang et al. in 2012. It was claimed that TrCBC is a secure MAC with significant efficiency advantages over other secure variants of CBC. The authors also mentioned the only disadvantage of TrCBC to be the fact that it produces shorter tags; in particular, it was claimed that TrCBC can only produce secure tags of length less than n=2, where n is the block length of the underlying block cipher. We mount a concrete practical attack on TrCBC. We show that with high probability, an adversary can forge TrCBC with tag length n=2 􀀀 1 with just three queries. We discuss some general scenarios of our concrete attack and also do a detailed analysis of the authors’ security claims of TrCBC. Next, we study variable output length pseudorandom functions and their use in constructing secure MACs, which can produce tags of varying lengths using the same key. In this regard, we propose a generic construction of converting a fixed output length PRF to a variable output length PRF and discuss its utility in constructing MACs. We also propose some modifications to the famous block cipher based MAC called PMAC to equip it to produce tags of varying lengths. Finally, we do an extensive study of a newly proposed MAC, 2k-LightMAC_Plus. 2k-LightMAC_Plus was proposed by Datta et al. in FSE 2018, where the author proved that the scheme provides 2n=3 bits of security. We improve this bound and show that 2k-LightMAC_Plus provably achieves 3n=4 bit security. We also exhibit a matching attack on the construction and hence establish that our bound is tight. Our proof uses several components of Mirror Theory.
  • No Thumbnail Available
    Item
    Tight Security of PMAC-type and CBC-type Message Authentication Codes
    (Indian Statistical Institute, Kolkata, 2023-07) Chattopadhyay, Soumya
    Message Authentication Codes (or MACs) are symmetric-key primitives that ensure the authenticity as well as the integrity of messages. The sender generates an authen- tication tag (based on a message and a secret key) which can be verified on the re- ceiver’s end. Two paradigms for building block cipher based MACs of the form Hash- then-PRP: 1) Parallelizable or PMAC-type, 2) Sequential or CBC-type. PMAC, sPMAC, PMAC1, LightMAC etc. are examples of PMAC-type MACs. Whereas OMAC, XCBC, TMAC, GCBC are examples of CBC-type MACs. Obtaining length independent (tight) bounds for these constructions has been a challenging problem. The goal of this thesis is to obtain length independent (tight) bounds for as many important constructions as possible and devise a novel technique that can be employed for various constructions and has a scope of generalization. PMAC-TYPE MACS: Firstly, in chapter 3, we demonstrate why a claim about tight se- curity of a PMAC variant proposed by Naito is wrong. Together with that, we state a necessary and sufficient condition to correctly establish that claim. Secondly, in the same chapter, we propose a variant of PMAC1 which has tight security for a rea- sonable range of message lengths. Then we prove the tight security of sPMAC for a weaker notion of independence (of hash). Next, in chapter 4, we analyze secu- rity bounds for LightMAC: We show tight security of 1k-LightMAC (single-key version of the original LightMAC) which holds for a range of lengths (both upper and lower bounded). Moreover, we show an attack on 1k-LightMAC for sufficiently small-length messages. Besides we propose two new variants of 1k-LightMAC, namely, LightMAC- swp and LightMAC-ds, both of which achieve length independent tight security for a fairly good range of lengths. Here we employ a novel sampling technique, dubbed “Reset-sampling”, as a subroutine of H-coefficient setup. It helps get tight bounds. Then, in the last chapter (5) of this part, we try to get a generalized view of the PMAC family. We develop technical concepts necessary to cover a large class of parallelizable MACs of the form hash-then-PRP. As the main results of this chapter, we prove the se- curity bound in terms of the collision probability of the underlying hash function, both for independent keys and single-keyed versions of a generic member of the PMAC family. As a corollary to this, we apply this result to get birthday-bound security for a simplified version of PMAC+, under some assumptions. Moreover, a similar bound for 1k-LightMAC as well follows directly from the main result. CBC-TYPE MACS: In chapter 6, we obtain O( q2 2n + qℓ2 2n ) bound for OMAC using reset- sampling . This is the best-known bound for it. Although it is not “length independent” in an exact sense, it behaves almost like a birthday bound with some consideration. We obtain similar bounds for XCBC and TMAC also. In this way, we become successful in establishing tight security for all CBC-MAC variants, except the original one.
  • No Thumbnail Available
    Item
    Data survivability and authenticity in unattended WSN
    (Indian Statistical Institute, Kolkata, 2016) Sardar, Laltu