Paper 2023/218
On the Post-Quantum Security of Classical Authenticated Encryption Schemes
, Bauhaus University, Weimar, Bauhaus University, WeimarAbstract
We study the post-quantum security of authenticated encryption (AE) schemes, designed with classical security in mind. Under superposition attacks, many CBC-MAC variants have been broken, and AE modes employing those variants, such as EAX and GCM, thus fail at authenticity. As we show, the same modes are IND-qCPA insecure, i.e., they fail to provide privacy under superposition attacks. However, a constrained version of GCM is IND-qCPA secure, and a nonce-based variant of the CBC-MAC is secure under superposition queries. Further, the combination of classical authenticity and classical chosen-plaintext privacy thwarts attacks with superposition chosen-ciphertext and classical chosen-plaintext queries -a security notion that we refer to as IND-qdCCA. And nonce-based key derivation allows generically turning an IND-qdCCA secure scheme into an IND-qCCA secure scheme.
Metadata
- Available format(s)
-
PDF
- Category
- Attacks and cryptanalysis
- Publication info
- Published elsewhere. AfricaCrypt 2023
- Keywords
- authenticated encryptionpost-quantum security
- Contact author(s)
-
nathalie lang @ uni-weimar de
stefan lucks @ uni-weimar de - History
- 2023-06-16: last of 2 revisions
- 2023-02-17: received
- See all versions
- Short URL
- https://ia.cr/2023/218
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2023/218,
author = {Nathalie Lang and Stefan Lucks},
title = {On the Post-Quantum Security of Classical Authenticated Encryption Schemes},
howpublished = {Cryptology {ePrint} Archive, Paper 2023/218},
year = {2023},
url = {https://eprint.iacr.org/2023/218}
}
