{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,12,11]],"date-time":"2024-12-11T05:36:16Z","timestamp":1733895376379,"version":"3.30.1"},"reference-count":0,"publisher":"Universitatsbibliothek der Ruhr-Universitat Bochum","issue":"1","license":[{"start":{"date-parts":[[2024,3,1]],"date-time":"2024-03-01T00:00:00Z","timestamp":1709251200000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["ToSC"],"abstract":"<jats:p>DCT is a beyond-birthday-bound (BBB) deterministic authenticated encryption (DAE) mode proposed by Forler et al. in ACISP 2016, ensuring integrity by redundancy. The instantiation of DCT employs the BRW polynomial, which is more efficient than the usual polynomial in GCM by reducing half of the multiplication operations. However, we show that DCT suffers from a small stretch problem similar to GCM. When the stretch length \u03c4 is small, choosing a special m-block message, we can reduce the number of queries required by a successful forgery to O(2\u03c4\/m). We emphasize that this attack efficiently balances space and time complexity but does not contradict the security bounds of DCT. Finally, we propose an improved scheme named Robust DCT (RDCT) with a minor change to DCT, which improves the security when \u03c4 is small and makes it resist the above attack.<\/jats:p>","DOI":"10.46586\/tosc.v2024.i1.114-134","type":"journal-article","created":{"date-parts":[[2024,3,1]],"date-time":"2024-03-01T14:48:07Z","timestamp":1709304487000},"page":"114-134","source":"Crossref","is-referenced-by-count":0,"title":["Small Stretch Problem of the DCT Scheme and How to Fix It"],"prefix":"10.46586","volume":"2024","author":[{"given":"Yuchao","family":"Chen","sequence":"first","affiliation":[]},{"given":"Tingting","family":"Guo","sequence":"additional","affiliation":[]},{"given":"Lei","family":"Hu","sequence":"additional","affiliation":[]},{"given":"Lina","family":"Shang","sequence":"additional","affiliation":[]},{"given":"Shuping","family":"Mao","sequence":"additional","affiliation":[]},{"given":"Peng","family":"Wang","sequence":"additional","affiliation":[]}],"member":"25480","published-online":{"date-parts":[[2024,3,1]]},"container-title":["IACR Transactions on Symmetric Cryptology"],"original-title":[],"link":[{"URL":"https:\/\/philosophymindscience.org\/index.php\/ToSC\/article\/download\/11403\/11630","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/philosophymindscience.org\/index.php\/ToSC\/article\/download\/11403\/11760","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/philosophymindscience.org\/index.php\/ToSC\/article\/download\/11403\/10901","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,12,10]],"date-time":"2024-12-10T14:04:29Z","timestamp":1733839469000},"score":1,"resource":{"primary":{"URL":"https:\/\/philosophymindscience.org\/index.php\/ToSC\/article\/view\/11403"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,3,1]]},"references-count":0,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2024,3,1]]}},"URL":"https:\/\/doi.org\/10.46586\/tosc.v2024.i1.114-134","relation":{},"ISSN":["2519-173X"],"issn-type":[{"type":"electronic","value":"2519-173X"}],"subject":[],"published":{"date-parts":[[2024,3,1]]}}}