Recent works have shown that quantum period-finding can be used to break many popular
constructions (some block ciphers such as Even-Mansour, multiple MACs and AEs...) in the …

Abstract Encrypt-then-MAC (EtM) is a popular mode for authenticated encryption (AE).
Unfortunately, almost all designs following the EtM paradigm, including the AE suites for …

Abstract At CRYPTO 2016, Cogliati and Seurin have proposed a highly secure nonce-based
MAC called Encrypted Wegman-Carter with Davies-Meyer (EWCDM EWCDM) construction …

In ICISC-05, and in the ePrint 2010/287, Patarin claimed a lower bound on the number of
tuples of-bit strings satisfying for such that, are distinct and. This result is known as Mirror …

In CRYPTO'03, Patarin conjectured a lower bound on the number of distinct solutions (P
1,…, P q)∈({0, 1} n) q satisfying a system of equations of the form X i⊕ X j= λ i, j such that P …

In this work, we study the security of several recent MAC constructions with provable security
beyond the birthday bound. We consider block-cipher based constructions with a double …

Abstract Double-block Hash-then-Sum (DbHtS) MACs are a class of MACs that aim for
achieving beyond-birthday-bound security, including SUM-ECBC, PMAC_Plus, 3kf9 and …

Let σ be some positive integer and C⊆{(i, j): 1≤ i< j≤ σ}. The theory behind finding a lower
bound on the number of distinct blocks P1,..., Pσ∈{0, 1} n satisfying a set of linear equations …

We systematically study the security of twelve Beyond-Birthday-Bound Message
Authentication Codes (BBB MACs) in the Q2 model where attackers have quantum-query …

In an early version of CRYPTO'17, Mennink and Neves proposed EWCDMD, a dual of
EWCDM, and showed n-bit security, where n is the block size of the underlying block cipher …