Encrypted Davies-Meyer and its dual: Towards optimal security using mirror theory
At CRYPTO 2016, Cogliati and Seurin introduced the Encrypted Davies-Meyer construction, p2(p1(x)⊕x) for two n-bit permutations p1,p2, and proved security up to 22n/3. We present an improved security analysis up to 2n/(67n). Additionally, we introduce the dual of the Encrypted Davies-Meyer construction, p2(p1(x)) ⊕ p1(x), and prove even tighter security for this construction: 2n/67. We finally demonstrate that the analysis neatly generalizes to prove almost optimal security of the Encrypted Wegman-Carter with Davies-Meyer MAC construction. Central to our analysis is a modernization of Patarin’s mirror theorem and an exposition of how it relates to fundamental cryptographic problems.
|Encrypted Davies-Meyer, Encrypted Davies-Meyer dual, EWCDM, Optimal security, PRP-to-PRF|
|Annual International Cryptology Conference|
|Organisation||Centrum Wiskunde & Informatica, Amsterdam, The Netherlands|
Mennink, B.J.M, & Neves, S. (2017). Encrypted Davies-Meyer and its dual: Towards optimal security using mirror theory. In Lecture Notes in Computer Science/Lecture Notes in Artificial Intelligence (pp. 556–583). doi:10.1007/978-3-319-63697-9_19