Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
AES PMAC SIV
AES-PMAC-SIV is a fully parallelizable variant of AES-SIV which substitutes the AES-PMAC function for integrity:
AES-PMAC-SIV provides effectively identical security properties as the original AES-SIV construction, including nonce reuse misuse resistance, but also performs significantly better on systems which provide parallel hardware implementations of AES, namely Intel/AMD CPUs but also certain IoT devices.
Though it has not yet been described by a standards body and it is only presently available in Miscreant libraries, AES-PMAC-SIV is a compelling algorithm which retains all of the original security properties of AES-SIV according to Phil Rogaway, the cryptographer who originally designed the AES-SIV, AES-CMAC, and AES-PMAC algorithms:
The proof in the SIV paper uses generic properties of the SIV construction: you can stick in any provably-sound PRF. Quantitative results will depend on the quality of the PRF, but in the case of CMAC and PMAC, the ‘basic’ bounds are the same (within a small constant). I remember there being somewhat improved bounds for PMAC, like [Nandi, Mandal 2007], but by the time you throw in CTR, it probably doesn’t help. So, yes, effectively equivalent, as far as I know.