A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2019; you can also visit the original URL.
The file type is application/pdf
.
Beyond Conventional Security in Sponge-Based Authenticated Encryption Modes
2018
Journal of Cryptology
The Sponge function is known to achieve 2 c/2 security, where c is its capacity. This bound was carried over to its keyed variants, such as SpongeWrap, to achieve a min{2 c/2 , 2 κ } security bound, with κ the key length. Similarly, many CAESAR competition submissions were designed to comply with the classical 2 c/2 security bound. We show that Sponge-based constructions for authenticated encryption can achieve the significantly higher bound of min{2 b/2 , 2 c , 2 κ }, with b > c the
doi:10.1007/s00145-018-9299-7
fatcat:jqdqmvr2wnec3ip5qy5gmy3hl4