Cryptanalysis of PMACx, PMAC2x, and SIVx

  • Kazuhiko Minematsu NEC Corporation, Kawasaki
  • Tetsu Iwata Nagoya University
Keywords: Cryptanalysis, PMACx, PMAC2x, SIVx, provable security


At CT-RSA 2017, List and Nandi proposed two variable input length pseudorandom functions (VI-PRFs) called PMACx and PMAC2x, and a deterministic authenticated encryption scheme called SIVx. These schemes use a tweakable block cipher (TBC) as the underlying primitive, and are provably secure up to the query complexity of 2n, where n denotes the block length of the TBC. In this paper, we falsify the provable security claims by presenting concrete attacks. We show that with the query complexity of O(2n/2), i.e., with the birthday complexity, PMACx, PMAC2x, and SIVx are all insecure.
How to Cite
Minematsu, K., & Iwata, T. (2017). Cryptanalysis of PMACx, PMAC2x, and SIVx. IACR Transactions on Symmetric Cryptology, 2017(2), 162-176.