/. Openssl, Os) 2148 636 2784 156 440 14.9k 109 k 823k 114 c/B OpenSSL (O3) 3388 692 4080 180 440 11.2k 89.2k 677k 94 c/B Chaskey-12 B, pp.916-916

C. Openssl, Os) 388 636 1024 148 64 24.4k 271 k 2110k 291 c/B OpenSSL (O3) 820 692 1512 116 64 14

J. P. Aumasson and D. J. Bernstein, SipHash: A fast short-input PRF, INDOCRYPT 2012, vol.7668, pp.489-508, 2012.

J. P. Aumasson, L. Henzen, W. Meier, and M. Naya-plasencia, Quark: A lightweight hash, Journal of Cryptology, vol.26, issue.2, pp.313-339, 2013.

D. J. Bernstein, The poly1305-AES message-authentication code, vol.3557, pp.32-49, 2005.

D. J. Bernstein, Stronger security bounds for Wegman-Carter-Shoup authenticators, EUROCRYPT 2005, vol.3494, pp.164-180, 2005.

A. Biryukov and L. Perrin, State of the art in lightweight symmetric cryptography, Cryptology ePrint Archive, 2017.

J. Black, M. Cochran, and . Mac-reforgeability, FSE 2009, vol.5665, pp.345-362, 2009.

J. Black, S. Halevi, H. Krawczyk, T. Krovetz, and P. Rogaway, UMAC: Fast and secure message authentication, CRYPTO'99, vol.1666, pp.216-233, 1999.

A. Bogdanov, M. Kne?evi?, G. Leander, D. Toz, K. Varici et al., Spongent: A lightweight hash function, CHES 2011, vol.6917, pp.312-325, 2011.

A. Bogdanov, L. R. Knudsen, G. Leander, C. Paar, A. Poschmann et al., PRESENT: An ultra-lightweight block cipher, CHES 2007, vol.4727, pp.450-466, 2007.

J. L. Carter and M. N. Wegman, Universal classes of hash functions, Proceedings of the ninth annual ACM symposium on Theory of computing, pp.106-112, 1977.

B. Cogliati and Y. Seurin, EWCDM: An efficient, beyond-birthday secure, noncemisuse resistant MAC, CRYPTO 2016, Part I. LNCS, vol.9814, pp.121-149, 2016.
URL : https://hal.archives-ouvertes.fr/hal-02163309

J. Daemen, M. Peeters, G. Van-assche, and V. Rijmen, Nessie proposal: NOEKEON. In: First Open NESSIE Workshop, 2000.

N. Datta, A. Dutta, M. Nandi, G. Paul, and L. Zhang, Single key variant of PMAC Plus, IACR Trans. Symm. Cryptol, vol.2017, issue.4, pp.268-305, 2017.

M. Dietzfelbinger, J. Gil, Y. Matias, and N. Pippenger, Polynomial hash functions are reliable, Automata, Languages and Programming, pp.235-246, 1992.

, NIST FIPS PUB, vol.113, 1985.

E. N. Gilbert, F. J. Macwilliams, and N. J. Sloane, Codes which detect deception, Bell Labs Technical Journal, vol.53, issue.3, pp.405-424, 1974.

S. Gilboa, S. Gueron, and B. Morris, How many queries are needed to distinguish a truncated random permutation from a random function, Journal of Cryptology, vol.31, issue.1, pp.162-171, 2018.

Z. Gong, P. H. Hartel, S. Nikova, S. Tang, and B. Zhu, Tulp: A family of lightweight message authentication codes for body sensor networks, J. Comput. Sci. Technol, vol.29, issue.1, pp.53-68, 2014.

D. Hong, J. Sung, S. Hong, J. Lim, S. Lee et al., HIGHT: A new block cipher suitable for low-resource device, CHES 2006, vol.4249, pp.46-59, 2006.

L. Keliher and J. Sui, Exact maximum expected differential and linear probability for two-round advanced encryption standard, IET Information Security, vol.1, issue.2, pp.53-57, 2007.

G. Leurent and F. Sibleyras, The missing difference problem, and its applications to counter mode encryption, EUROCRYPT 2018, Part II, vol.10821, pp.745-770, 2018.
URL : https://hal.archives-ouvertes.fr/hal-01953390

A. Luykx and B. Preneel, Optimal forgeries against polynomial-based MACs and GCM, EUROCRYPT 2018, Part I. LNCS, vol.10820, pp.445-467, 2018.

A. Luykx, B. Preneel, E. Tischhauser, and K. Yasuda, A MAC mode for lightweight block ciphers, FSE 2016, vol.9783, pp.43-59, 2016.

D. A. Mcgrew and J. Viega, The security and performance of the Galois/counter mode (GCM) of operation, DOCRYPT 2004, vol.3348, pp.343-355, 2004.

B. Mennink and S. Neves, Encrypted davies-meyer and its dual: Towards optimal security using mirror theory, Part III, vol.10403, pp.556-583, 2017.

K. Minematsu and Y. Tsunoo, Provably secure MACs from differentially-uniform permutations and AES-based implementations, FSE 2006, vol.4047, pp.226-241, 2006.

N. Mouha, B. Mennink, A. V. Herrewege, D. Watanabe, B. Preneel et al., Chaskey: An efficient MAC algorithm for 32-bit microcontrollers, SAC 2014, vol.8781, pp.306-323, 2014.

M. Nandi, Bernstein bound on wcs is tight -repairing luykx-preneel optimal forgeries, CRYPTO 2018, 2018.

B. Preneel and P. C. Van-oorschot, MDx-MAC and building fast MACs from hash functions, CRYPTO'95, vol.963, pp.1-14, 1995.

G. Procter and C. Cid, On weak keys and forgery attacks against polynomial-based MAC schemes, FSE 2013, vol.8424, pp.287-304, 2014.

V. Shoup, On fast and provably secure message authentication based on universal hashing, CRYPTO'96, vol.1109, pp.313-328, 1996.

D. R. Stinson, Universal hashing and authentication codes, CRYPTO'91, vol.576, pp.74-85, 1992.

M. N. Wegman and L. Carter, New hash functions and their use in authentication and set equality, Journal of Computer and System Sciences, vol.22, pp.265-279, 1981.

K. Yasuda, The sum of CBC MACs is a secure PRF, CT-RSA 2010, vol.5985, pp.366-381, 2010.

L. Zhang, W. Wu, H. Sui, and P. Wang, 3kf9: Enhancing 3GPP-MAC beyond the birthday bound, vol.7658, pp.296-312, 2012.