International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Paper: Key Prediction Security of Keyed Sponges

Authors:
Bart Mennink , Digital Security Group, Radboud University, Nijmegen
Download:
DOI: 10.13154/tosc.v2018.i4.128-149
URL: https://tosc.iacr.org/index.php/ToSC/article/view/7364
Search ePrint
Search Google
Abstract: The keyed sponge is a well-accepted method for message authentication. It processes data at a certain rate by sequential evaluation of an underlying permutation. If the key size k is smaller than the rate, currently known bounds are tight, but if it exceeds the rate, state of the art only dictates security up to 2k/2. We take closer inspection at the key prediction security of the sponge and close the remaining gap in the existing security analysis: we confirm key security up to close to 2k, regardless of the rate. The result impacts all applications of the keyed sponge and duplex that process at a rate smaller than the key size, including the STROBE protocol framework, as well as the related constructions such as HMAC-SHA-3 and the sandwich sponge.
BibTeX
@article{tosc-2018-29249,
  title={Key Prediction Security of Keyed Sponges},
  journal={IACR Transactions on Symmetric Cryptology},
  publisher={Ruhr-Universit├Ąt Bochum},
  volume={2018, Issue 4},
  pages={128-149},
  url={https://tosc.iacr.org/index.php/ToSC/article/view/7364},
  doi={10.13154/tosc.v2018.i4.128-149},
  author={Bart Mennink},
  year=2018
}