
Reconsidering the Security Bound of AES-GCM-SIV
Author(s) - Tetsu Iwata, Yannick Seurin
Publication year - 2017
Publication title - IACR Transactions on Symmetric Cryptology
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.715
H-Index - 10
ISSN - 2519-173X
DOI - 10.46586/tosc.v2017.i4.240-267
Subject(s) - authenticated encryption , computer security , computer science , standardization , cryptographic nonce , encryption , mathematics
We make a number of remarks about the AES-GCM-SIV nonce-misuse-resistant authenticated encryption scheme currently considered for standardization by the Crypto Forum Research Group (CFRG). First, we point out that the security analysis proposed in the ePrint report 2017/168 is incorrect, leading to overly optimistic security claims. We correct the bound and re-assess the security guarantees offered by the scheme for various parameters. Second, we suggest a simple modification to the key derivation function which would improve the security of the scheme with virtually no efficiency penalty.