Optimally Secure Tweakable Blockciphers
Details
  • Keywords: Tweakable blockcipher; Liskov; Rivest; Wagner; Optimal security; Beyond birthday bound
  • Series: Lecture Notes in Computer Science
  • Publication year: 2015
  • Volume: 9054
  • Issue: 1
  • Pages: 428-448
  • Full-text size: 444 KB
  • Author affiliations: Bart Mennink (14) (15)

    14. Department of Electrical Engineering, ESAT/COSIC, KU Leuven, Leuven, Belgium
    15. iMinds, Leuven, Belgium
  • Book series: Fast Software Encryption
  • ISBN: 978-3-662-48116-5
  • Publication category: Computer Science
  • Publication subjects: Artificial Intelligence and Robotics
    Computer Communication Networks
    Software Engineering
    Data Encryption
    Database Management
    Computation by Abstract Devices
    Algorithm Analysis and Problem Complexity
  • Publisher: Springer Berlin / Heidelberg
  • ISSN: 1611-3349
Abstract
We consider the generic design of a tweakable blockcipher from one or more evaluations of a classical blockcipher, in such a way that all input and output wires are of size n bits. As a first contribution, we show that any tweakable blockcipher with one primitive call and arbitrary linear pre- and postprocessing functions can be distinguished from an ideal one with an attack complexity of about \(2^{n/2}\). Next, we introduce the tweakable blockcipher \({\widetilde{F}}[1]\). It consists of one multiplication and one blockcipher call with a tweak-dependent key, and achieves \(2^{2n/3}\) security. Finally, we introduce \({\widetilde{F}}[2]\), which makes two blockcipher calls, one of which uses a tweak-dependent key, and achieves optimal \(2^n\) security. Both schemes are more efficient than all existing beyond birthday bound tweakable blockciphers known to date, as long as one blockcipher key renewal is cheaper than one blockcipher evaluation plus one universal hash evaluation.
