Message Authentication Codes Against Related-Key Attacks Under LPN and LWE

Message authentication code (MAC) guarantees the authenticity of messages and is one of the most important primitives in cryptography. We study related-key attacks with which the adversary is able to choose function f and observe the behavior of the MAC under the modified authenticated key f(k), and consider unforgeability of MAC under (selectively) chosen message attack with f(k). We focus on MAC schemes from the Learning parity with noise (LPN) and the Learning with errors (LWE) problem by Kiltz et al. in EUROCRYPT 2011. We first prove that the MAC schemes from LPN/ LWE can resist key-shift attacks and enlarge the key-shift function set to support a subclass of affine functions.