A tight bound for EMAC Conference Paper

Author(s): Pietrzak, Krzysztof
Title: A tight bound for EMAC
Title Series: LNCS
Abstract: We prove a new upper bound on the advantage of any adversary for distinguishing the encrypted CBC-MAC (EMAC) based on random permutations from a random function. Our proof uses techniques recently introduced in [BPR05], which again were inspired by [DGH + 04]. The bound we prove is tight — in the sense that it matches the advantage of known attacks up to a constant factor — for a wide range of the parameters: let n denote the block-size, q the number of queries the adversary is allowed to make and ℓ an upper bound on the length (i.e. number of blocks) of the messages, then for ℓ ≤ 2 n/8 and q≥ł2 the advantage is in the order of q 2/2 n (and in particular independent of ℓ). This improves on the previous bound of q 2ℓΘ(1/ln ln ℓ)/2 n from [BPR05] and matches the trivial attack (which thus is basically optimal) where one simply asks random queries until a collision is found.
Conference Title: ICALP: Automata, Languages and Programming
Volume: 4052
Conference Dates: July 10-14, 2006
Conference Location: Venice, Italy
Publisher: Springer  
Date Published: 2006-07-28
Start Page: 168
End Page: 179
Copyright Statement: ⓒ Springer-Verlag Berlin Heidelberg 2006
Sponsor: Part of this work is supported by the Commission of the European Communities through the IST program under contract IST-2002-507932 ECRYPT.
DOI: 10.1007/11787006_15
Open access: no
IST Austria Authors
Related IST Austria Work