International Association for Cryptologic Research

On the Security of Keyed Hashing Based on Public Permutations

Jonathan Fuchs, Radboud University
Yann Rotella, Université Paris-Saclay
Joan Daemen, Radboud University
DOI: 10.1007/978-3-031-38548-3_20 (login may be required)
Presentation: Slides
Conference: CRYPTO 2023
Abstract: Doubly-extendable cryptographic keyed functions (deck) generalize the concept of message authentication codes (MAC) and stream ciphers in that they support variable-length strings as input and return variable-length strings as output. A prominent example of building deck functions is Farfalle, which consists of a set of public permutations and rolling functions that are used in its compression and expansion layers. By generalizing the compression layer of Farfalle, we prove its universality in terms of the probability of differentials over the public permutation used in it. As the compression layer of Farfalle is inherently parallel, we compare it to a generalization of a serial compression function inspired by Pelican-MAC. The same public permutation may result in different universalities depending on whether the compression is done in parallel or serial. The parallel construction consistently performs better than the serial one, sometimes by a big factor. We demonstrate this effect using Xoodoo[3], which is a round-reduced variant of the public permutation used in the deck function Xoofff.
  title={On the Security of Keyed Hashing Based on Public Permutations},
  author={Jonathan Fuchs and Yann Rotella and Joan Daemen},