Advances in Cryptology - ASIACRYPT 2013

Volume 8269 of the series Lecture Notes in Computer Science pp 405-423

A Modular Framework for Building Variable-Input-Length Tweakable Ciphers

  • Thomas ShrimptonAffiliated withDept. of Computer Science, Portland State University
  • , R. Seth TerashimaAffiliated withDept. of Computer Science, Portland State University


We present the Protected-IV construction (PIV) a simple, modular method for building variable-input-length tweakable ciphers. At our level of abstraction, many interesting design opportunities surface. For example, an obvious pathway to building beyond birthday-bound secure tweakable ciphers with performance competitive with existing birthday-bound-limited constructions. As part of our design space exploration, we give two fully instantiated PIV constructions, TCT 1 and TCT 2; the latter is fast and has beyond birthday-bound security, the former is faster and has birthday-bound security. Finally, we consider a generic method for turning a VIL tweakable cipher (like PIV) into an authenticated encryption scheme that admits associated data, can withstand nonce-misuse, and allows for multiple decryption error messages. Thus, the method offers robustness even in the face of certain sidechannels, and common implementation mistakes.


tweakable blockciphers beyond-birthday-bound security authenticated encryption associated data full-disk encryption