International Association for Cryptologic Research



Reconsidering the Security Bound of AES-GCM-SIV

Authors:
Tetsu Iwata, Nagoya University
Yannick Seurin, ANSSI, Paris
Download:
DOI: 10.13154/tosc.v2017.i4.240-267
URL: https://tosc.iacr.org/index.php/ToSC/article/view/810
Abstract: We make a number of remarks about the AES-GCM-SIV nonce-misuse resistant authenticated encryption scheme currently considered for standardization by the Crypto Forum Research Group (CFRG). First, we point out that the security analysis proposed in the ePrint report 2017/168 is incorrect, leading to overly optimistic security claims. We correct the bound and re-assess the security guarantees offered by the scheme for various parameters. Second, we suggest a simple modification to the key derivation function which would improve the security of the scheme with virtually no efficiency penalty.
BibTeX
@article{tosc-2017-28494,
  title={Reconsidering the Security Bound of AES-GCM-SIV},
  journal={IACR Trans. Symmetric Cryptol.},
  publisher={Ruhr-Universität Bochum},
  volume={2017, Issue 4},
  pages={240-267},
  url={https://tosc.iacr.org/index.php/ToSC/article/view/810},
  doi={10.13154/tosc.v2017.i4.240-267},
  author={Tetsu Iwata and Yannick Seurin},
  year=2017
}