EWCDM: An Efficient, Beyond-Birthday Secure, Nonce-Misuse Resistant MAC.

We propose a nonce-based MAC construction called EWCDM Encrypted Wegman-Carter with Davies-Meyer, based on an almost xor-universal hash function and a block cipher, with the following properties: i it is simple and efficient, requiring only two calls to the block cipher, one of which can be carried out in parallel to the hash function computation; ii it is provably secure beyond the birthday bound when nonces are not reused; iii it provably retains security up﾿to the birthday bound in case of nonce misuse. Our construction is a simple modification of the Encrypted Wegman-Carter construction, which is known to achieve only i and iii when based on a block cipher. Underlying our new construction is a new PRP-to-PRF conversion method coined Encrypted Davies-Meyer, which turns a pair of secret random permutations into a function which is provably indistinguishable from a perfectly random function up﾿to at least $$2^{2n/3}$$ queries, where n is the bit-length of the domain of the permutations.