Reconsidering the Security Bound of AES-GCM-SIV

Tetsu Iwata; Yannick Seurin

doi:10.13154/tosc.v2017.i4.240-267

Reconsidering the Security Bound of AES-GCM-SIV

Authors

Tetsu Iwata Nagoya University, Nagoya, Japan
Yannick Seurin Agence nationale de la sécurité des systèmes d'information (ANSSI), Paris, France

DOI:

https://doi.org/10.13154/tosc.v2017.i4.240-267

Keywords:

authenticated encryption, AEAD, GCM-SIV, AES-GCM-SIV, CAESAR competition

Abstract

We make a number of remarks about the AES-GCM-SIV nonce-misuse resistant authenticated encryption scheme currently considered for standardization by the Crypto Forum Research Group (CFRG). First, we point out that the security analysis proposed in the ePrint report 2017/168 is incorrect, leading to overly optimistic security claims. We correct the bound and re-assess the security guarantees offered by the scheme for various parameters. Second, we suggest a simple modification to the key derivation function which would improve the security of the scheme with virtually no efficiency penalty.

Downloads

Published

2017-12-15

Issue

Volume 2017, Issue 4

Section

Articles

License

This work is licensed under a Creative Commons Attribution 4.0 International License.

How to Cite

Reconsidering the Security Bound of AES-GCM-SIV. (2017). IACR Transactions on Symmetric Cryptology, 2017(4), 240-267. https://doi.org/10.13154/tosc.v2017.i4.240-267

Download Citation

Reconsidering the Security Bound of AES-GCM-SIV

Authors

DOI:

Keywords:

Abstract

Downloads

Published

Issue

Section

License

How to Cite

iacr-logo