International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Tight Multi-User Security Bound of DbHtS

Authors:
Nilanjan Datta , Institute for Advancing Intelligence, TCG CREST, Kolkata, India
Avijit Dutta , Institute for Advancing Intelligence, TCG CREST, Kolkata, India
Mridul Nandi , Institute for Advancing Intelligence, TCG CREST, Kolkata, India; Indian Statistical Institute, Kolkata, India
Suprita Talnikar , Indian Statistical Institute, Kolkata, India
Download:
DOI: 10.46586/tosc.v2023.i1.192-223
URL: https://tosc.iacr.org/index.php/ToSC/article/view/10312
Search ePrint
Search Google
Abstract: In CRYPTO’21, Shen et al. proved that Two-Keyed-DbHtS construction is secure up to 22n/3 queries in the multi-user setting independent of the number of users. Here the underlying double-block hash function H of the construction realized as the concatenation of two independent n-bit keyed hash functions (HKh,1,HKh,2), and the security holds under the assumption that each of the n-bit keyed hash function is universal and regular. The authors have also demonstrated the applicability of their result to the key-reduced variants of DbHtS MACs, including 2K-SUM-ECBC, 2K-PMAC_Plus and 2K-LightMAC_Plus without requiring domain separation technique and proved 2n/3-bit multi-user security of these constructions in the ideal cipher model. Recently, Guo and Wang have invalidated the security claim of Shen et al.’s result by exhibiting three constructions, which are instantiations of the Two-Keyed-DbHtS framework, such that each of their n-bit keyed hash functions are O(2−n) universal and regular, while the constructions themselves are secure only up to the birthday bound. In this work, we show a sufficient condition on the underlying Double-block Hash (DbH) function, under which we prove an improved 3n/4-bit multi-user security of the Two-Keyed-DbHtS construction in the ideal-cipher model. To be more precise, we show that if each of the n-bit keyed hash function is universal, regular, and cross-collision resistant then it achieves the desired security. As an instantiation, we show that two-keyed Polyhash-based DbHtS construction is multi-user secure up to 23n/4 queries in the ideal-cipher model. Furthermore, due to the generic attack on DbHtS constructions by Leurent et al. in CRYPTO’18, our derived bound for the construction is tight.
BibTeX
@article{tosc-2023-33058,
  title={Tight Multi-User Security Bound of DbHtS},
  journal={IACR Transactions on Symmetric Cryptology},
  publisher={Ruhr-Universität Bochum},
  volume={2023, Issue 1},
  pages={192-223},
  url={https://tosc.iacr.org/index.php/ToSC/article/view/10312},
  doi={10.46586/tosc.v2023.i1.192-223},
  author={Nilanjan Datta and Avijit Dutta and Mridul Nandi and Suprita Talnikar},
  year=2023
}