In this paper, we propose TMAC. TMAC is a refinement of XCBC such that it requires only
two keys while XCBC requires three keys. More precisely, TMAC requires only (k+ n)-bit …

Abstract Preneel et al.(Crypto 1993) assessed 64 possible ways to construct a compression
functions out of a blockcipher. They conjectured that 12 out of these 64 so-called PGV …

Known-key distinguishers for block ciphers were proposed by Knudsen and Rijmen at
ASIACRYPT 2007 and have been a major research topic in cryptanalysis since then. A …

We define a new mode of operation for block ciphers which, in addition to providing
confidentiality, also ensures message integrity. In contrast, previously for message integrity a …

In this work, we study the security of deterministic MAC constructions with a double-block
internal state, captured by the double-block hash-then-sum (DbHtS) paradigm. Most DbHtS …

Given an n-bit to n-bit MAC (eg, a fixed key blockcipher) with MAC security ε against q
queries, we design a variable-length MAC achieving MAC security O (εq, poly (n)) against …

Abstract Liskov, Rivest and Wagner formalized the tweakable blockcipher (TBC) primitive at
CRYPTO'02. The typical recipe for instantiating a TBC is to start with a blockcipher, and then …

We put forward a new model for understanding the security of symmetric-key primitives, such
as block ciphers. The model captures the fact that many such primitives often consist of …

We revisit the double-pipe construction introduced by Lucks at Asiacrypt 2005. Lucks
originally studied the construction for iterated hash functions and showed that the approach …

Practical MACs are typically designed by iterating applications of some fixed-input-length
(FIL) primitive, namely one like a block cipher or compression function that only applies to …