{"day":"01","ec_funded":1,"year":"2015","publisher":"Springer","date_published":"2015-08-01T00:00:00Z","publist_id":"5478","language":[{"iso":"eng"}],"pubrep_id":"673","intvolume":" 9215","file":[{"date_updated":"2020-07-14T12:45:11Z","file_id":"4827","creator":"system","checksum":"17d854227b3b753fd34f5d29e5b5a32e","date_created":"2018-12-12T10:10:38Z","file_name":"IST-2016-673-v1+1_053.pdf","relation":"main_file","access_level":"open_access","file_size":592296,"content_type":"application/pdf"}],"title":"The exact PRF security of truncation: Tight bounds for keyed sponges and truncated CBC","quality_controlled":"1","scopus_import":1,"oa_version":"Submitted Version","department":[{"_id":"KrPi"}],"date_created":"2018-12-11T11:53:23Z","month":"08","citation":{"ieee":"P. Gazi, K. Z. Pietrzak, and S. Tessaro, “The exact PRF security of truncation: Tight bounds for keyed sponges and truncated CBC,” presented at the CRYPTO: International Cryptology Conference, Santa Barbara, CA, United States, 2015, vol. 9215, pp. 368–387.","ama":"Gazi P, Pietrzak KZ, Tessaro S. The exact PRF security of truncation: Tight bounds for keyed sponges and truncated CBC. In: Vol 9215. Springer; 2015:368-387. doi:10.1007/978-3-662-47989-6_18","mla":"Gazi, Peter, et al. The Exact PRF Security of Truncation: Tight Bounds for Keyed Sponges and Truncated CBC. Vol. 9215, Springer, 2015, pp. 368–87, doi:10.1007/978-3-662-47989-6_18.","short":"P. Gazi, K.Z. Pietrzak, S. Tessaro, in:, Springer, 2015, pp. 368–387.","apa":"Gazi, P., Pietrzak, K. Z., & Tessaro, S. (2015). The exact PRF security of truncation: Tight bounds for keyed sponges and truncated CBC (Vol. 9215, pp. 368–387). Presented at the CRYPTO: International Cryptology Conference, Santa Barbara, CA, United States: Springer. https://doi.org/10.1007/978-3-662-47989-6_18","chicago":"Gazi, Peter, Krzysztof Z Pietrzak, and Stefano Tessaro. “The Exact PRF Security of Truncation: Tight Bounds for Keyed Sponges and Truncated CBC,” 9215:368–87. Springer, 2015. https://doi.org/10.1007/978-3-662-47989-6_18.","ista":"Gazi P, Pietrzak KZ, Tessaro S. 2015. The exact PRF security of truncation: Tight bounds for keyed sponges and truncated CBC. CRYPTO: International Cryptology Conference, LNCS, vol. 9215, 368–387."},"page":"368 - 387","project":[{"call_identifier":"FP7","name":"Provable Security for Physical Cryptography","_id":"258C570E-B435-11E9-9278-68D0E5697425","grant_number":"259668"}],"status":"public","file_date_updated":"2020-07-14T12:45:11Z","oa":1,"user_id":"2DF688A6-F248-11E8-B48F-1D18A9856A87","ddc":["004","005"],"has_accepted_license":"1","type":"conference","volume":9215,"date_updated":"2021-01-12T06:52:25Z","alternative_title":["LNCS"],"doi":"10.1007/978-3-662-47989-6_18","conference":{"end_date":"2015-08-20","start_date":"2015-08-16","name":"CRYPTO: International Cryptology Conference","location":"Santa Barbara, CA, United States"},"author":[{"id":"3E0BFE38-F248-11E8-B48F-1D18A9856A87","last_name":"Gazi","first_name":"Peter","full_name":"Gazi, Peter"},{"last_name":"Pietrzak","id":"3E04A7AA-F248-11E8-B48F-1D18A9856A87","first_name":"Krzysztof Z","full_name":"Pietrzak, Krzysztof Z","orcid":"0000-0002-9139-1654"},{"last_name":"Tessaro","full_name":"Tessaro, Stefano","first_name":"Stefano"}],"_id":"1671","abstract":[{"text":"This paper studies the concrete security of PRFs and MACs obtained by keying hash functions based on the sponge paradigm. One such hash function is KECCAK, selected as NIST’s new SHA-3 standard. In contrast to other approaches like HMAC, the exact security of keyed sponges is not well understood. Indeed, recent security analyses delivered concrete security bounds which are far from existing attacks. This paper aims to close this gap. We prove (nearly) exact bounds on the concrete PRF security of keyed sponges using a random permutation. These bounds are tight for the most relevant ranges of parameters, i.e., for messages of length (roughly) l ≤ min{2^{n/4}, 2^r} blocks, where n is the state size and r is the desired output length; and for l ≤ q queries (to the construction or the underlying permutation). Moreover, we also improve standard-model bounds. As an intermediate step of independent interest, we prove tight bounds on the PRF security of the truncated CBC-MAC construction, which operates as plain CBC-MAC, but only returns a prefix of the output.","lang":"eng"}],"publication_status":"published"}
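The two constructions the abstract analyses, a keyed sponge PRF and a truncated CBC-MAC, as an added example that is not code from the paper or its authors. Both are built over one constructed permutation so the shared shape is visible: the state has n bits, only r bits are ever released per permutation call, and the remaining n - r bits (the sponge's capacity, or the dropped suffix of the CBC-MAC output) stay hidden from the attacker. The permutation `toy_perm` is a SHA-256-based Feistel network chosen only so the example runs offline with the standard library; it is not a vetted cipher, and the constants (n = 256 bits, r = 128 bits), the padding and every function name are this example's own assumptions. The example shows the structure the bounds are stated over, not the bounds themselves.

```python
"""Keyed sponge PRF and truncated CBC-MAC on one constructed permutation.

Added example, not code from the paper. `toy_perm` is a SHA-256-based Feistel
network used only so this runs offline with the standard library; it is NOT a
vetted cipher. State size n, rate/output length r, the padding and all names
are this example's own assumptions.
"""
import hashlib

N_BYTES = 32                      # state size n = 256 bits, as two 128-bit halves
RATE_BYTES = 16                   # r = 128 bits absorbed or squeezed per call
CAP_BYTES = N_BYTES - RATE_BYTES  # capacity c = n - r, never output directly
ROUNDS = 8

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _round_fn(half: bytes, tweak: bytes, rnd: int) -> bytes:
    return hashlib.sha256(tweak + bytes([rnd]) + half).digest()[: N_BYTES // 2]

def toy_perm(x: bytes, tweak: bytes = b"") -> bytes:
    """n-bit Feistel permutation. `tweak` selects the permutation: the key K when
    it plays the block cipher E_K in CBC-MAC, empty for the public sponge permutation."""
    assert len(x) == N_BYTES
    h = N_BYTES // 2
    left, right = x[:h], x[h:]
    for rnd in range(ROUNDS):
        left, right = right, _xor(left, _round_fn(right, tweak, rnd))
    return left + right

def toy_perm_inv(y: bytes, tweak: bytes = b"") -> bytes:
    """Inverse of toy_perm; used only to check that it really is a permutation."""
    h = N_BYTES // 2
    left, right = y[:h], y[h:]
    for rnd in reversed(range(ROUNDS)):
        left, right = _xor(right, _round_fn(left, tweak, rnd)), left
    return left + right

def _pad(msg: bytes) -> bytes:
    """pad10*1 on bytes, to a multiple of the rate."""
    pad_len = RATE_BYTES - len(msg) % RATE_BYTES
    if pad_len == 1:
        return msg + b"\x81"
    return msg + b"\x80" + bytes(pad_len - 2) + b"\x01"

def keyed_sponge(key: bytes, msg: bytes, out_len: int) -> bytes:
    """Keyed sponge PRF: absorb key || msg r bytes at a time into the n-byte state,
    then squeeze out_len bytes r at a time. Only the outer r bytes are ever
    released; the inner c bytes stay hidden, which is what the PRF bound rests on."""
    assert len(key) == RATE_BYTES
    state = bytes(N_BYTES)
    data = _pad(key + msg)
    for i in range(0, len(data), RATE_BYTES):
        block = data[i:i + RATE_BYTES] + bytes(CAP_BYTES)
        state = toy_perm(_xor(state, block))
    out = b""
    while len(out) < out_len:
        out += state[:RATE_BYTES]
        if len(out) < out_len:
            state = toy_perm(state)
    return out[:out_len]

def cbc_mac(key: bytes, msg: bytes) -> bytes:
    """Plain CBC-MAC with E_K = toy_perm(., key) as the block cipher; returns the
    whole final n-byte block. Fixed-length messages only (a multiple of n bytes):
    plain CBC-MAC is forgeable across message lengths, which is not the point here."""
    assert msg and len(msg) % N_BYTES == 0
    state = bytes(N_BYTES)
    for i in range(0, len(msg), N_BYTES):
        state = toy_perm(_xor(state, msg[i:i + N_BYTES]), tweak=key)
    return state

def truncated_cbc_mac(key: bytes, msg: bytes, r_bytes: int) -> bytes:
    """Truncated CBC-MAC: same chaining as cbc_mac, but only the first r_bytes of
    the final block are released. The dropped n - r bytes play the role of the
    sponge's capacity: the attacker never sees the full chaining state."""
    assert 0 < r_bytes <= N_BYTES
    return cbc_mac(key, msg)[:r_bytes]

if __name__ == "__main__":
    k = bytes(range(RATE_BYTES))  # constructed demo key
    m = b"constructed two-block message for the demo".ljust(2 * N_BYTES, b"\0")
    print("sponge PRF :", keyed_sponge(k, m, 2 * RATE_BYTES).hex())
    print("full CBC   :", cbc_mac(k, m).hex())
    print("trunc CBC  :", truncated_cbc_mac(k, m, RATE_BYTES).hex())
```

With a real permutation (KECCAK-f for the sponge, a block cipher for CBC-MAC) the two wrappers are unchanged; what the paper pins down is how far an adversary with q queries and messages of l blocks can get at the hidden n - r bits for a given choice of n and r, which is exactly the parameter choice a practitioner makes when picking the tag length r.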