emanjon / draft-mattsson-cfrg-aes-gcm-sst


New paper - Generic Security of GCM-SST #12

Open emanjon opened 3 days ago

emanjon commented 3 days ago

https://eprint.iacr.org/2024/1928

"In this work, we fill this gap and perform a detailed security analysis of GCM-SST. In particular, we prove that GCM-SST achieves security in the nonce-misuse resilience model of Ashur et al. (CRYPTO 2017), roughly guaranteeing that even if nonces are reused, evaluations of GCM-SST for new nonces are secure. Our security bound also verified the designers' (informal) claim on tag truncation. Additionally, we investigate and describe possibilities to optimize the hashing in GCM-SST further, and we describe a universal forgery attack in a complexity of around , improving over an earlier attack of complexity of Lindell, when the tag is 32 bits."

The draft should refer to this work, in particular to the security proof in the nonce-misuse resilience model, and the improvements of Lindell's attack, which applies if GCM-SST is used without replay protection.

emanjon commented 1 day ago

Several references to the paper were added in -06.