Efficient Beyond-Birthday-Bound-Secure Deterministic Authenticated Encryption with Minimal Stretch

Conference paper. In: Information Security and Privacy (ACISP 2016)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 9723)

Abstract

Block-cipher-based authenticated encryption has received considerable attention through the ongoing CAESAR competition. While CAESAR focuses primarily on nonce-based authenticated encryption, Deterministic Authenticated Encryption (DAE) is used in domains such as key wrap, where the entropy already present in the message motivates omitting the overhead of a nonce. Since the highest possible security is desirable when protecting keys, beyond-birthday-bound (BBB) security is a valuable goal for DAE. In the past, designing BBB-secure AE schemes from conventional block ciphers required significant effort, at the cost of efficiency and with considerably more intricate security proofs.

This work proposes Deterministic Counter in Tweak (DCT), a BBB-secure DAE scheme inspired by the Counter-in-Tweak encryption scheme by Peyrin and Seurin. Our design combines a fast \(\epsilon\)-almost-XOR-universal family of hash functions, for \(\epsilon\) close to \(2^{-2n}\), with a single call to a 2n-bit SPRP and a BBB-secure encryption scheme. First, we describe our construction generically with three independent keys, one for each component. Next, we present an efficient instantiation which (1) requires only a single key, (2) encrypts in software at less than two cycles per byte on current x64 processors, and (3) produces only the minimal \(\tau\)-bit stretch for \(\tau\) bits of authenticity. We leave two minor aspects open for future work: our current generic construction is defined only for messages of at least \(2n-\tau\) bits, and the verification algorithm requires the inverses of both the 2n-bit SPRP and the encryption scheme.
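The abstract fixes the shape of the construction: a 2n-bit hash of header and message bulk, one 2n-bit SPRP call, an IV-based encryption scheme, one key per component, and exactly \(\tau\) bits of stretch, with verification needing both inverses. The following Python sketch is an added example, not code from the paper or its authors, that reproduces those properties end to end so the stretch and the verification path can be seen concretely. Where the hash output is injected and how the IV is derived are this example's assumptions rather than the paper's DCT specification; the function names, the parameters n = 128 and \(\tau\) = 128, and the HMAC-SHA256 stand-ins for the three components (a PRF in place of the \(\epsilon\)-AXU hash, a four-round Feistel network in place of the 2n-bit SPRP, counter mode in place of the BBB-secure scheme) are likewise the example's own and are not beyond-birthday-bound secure.

```python
"""Minimal-stretch deterministic AE skeleton (added example, not the paper's code).

Wiring and component stand-ins are assumptions of this example; the stand-ins
are built from HMAC-SHA256 so the file runs offline and are NOT beyond-birthday-
bound secure. Do not use this as a real key-wrap.
"""
import hashlib
import hmac

N_BYTES = 16                    # n = 128 bits (assumed parameter)
TAU_BYTES = 16                  # tau = 128 bits of authenticity (assumed parameter)
BLOCK = 2 * N_BYTES             # the 2n-bit SPRP block
MIN_MSG = BLOCK - TAU_BYTES     # messages must be at least 2n - tau bits
FEISTEL_ROUNDS = 4              # Luby-Rackoff: four rounds turn PRFs into an SPRP


def _prf(key: bytes, label: bytes, data: bytes) -> bytes:
    """Keyed PRF stand-in; the label separates the uses of one primitive."""
    return hmac.new(key, label + data, hashlib.sha256).digest()


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def axu_hash(k1: bytes, header: bytes, m_r: bytes) -> bytes:
    """2n-bit hash of (header, M_R). A PRF is in particular eps-AXU. The
    header is length-prefixed so (header, M_R) is encoded injectively."""
    encoded = len(header).to_bytes(8, "big") + header + m_r
    return _prf(k1, b"hash", encoded)


def sprp_encipher(k2: bytes, x: bytes) -> bytes:
    """2n-bit SPRP stand-in: balanced Feistel network over two n-bit halves."""
    left, right = x[:N_BYTES], x[N_BYTES:]
    for rnd in range(FEISTEL_ROUNDS):
        left, right = right, _xor(left, _prf(k2, bytes([rnd]), right)[:N_BYTES])
    return left + right


def sprp_decipher(k2: bytes, y: bytes) -> bytes:
    """Inverse of sprp_encipher: rounds undone in reverse order."""
    left, right = y[:N_BYTES], y[N_BYTES:]
    for rnd in reversed(range(FEISTEL_ROUNDS)):
        left, right = _xor(right, _prf(k2, bytes([rnd]), left)[:N_BYTES]), left
    return left + right


def ctr_crypt(k3: bytes, iv: bytes, data: bytes) -> bytes:
    """IV-based encryption stand-in: counter mode under a PRF. Counter mode
    is its own inverse; a scheme that is not would need its decryption here."""
    stream = b"".join(_prf(k3, iv, ctr.to_bytes(8, "big"))
                      for ctr in range((len(data) + 31) // 32))
    return _xor(data, stream[:len(data)])


def dae_encrypt(k1: bytes, k2: bytes, k3: bytes, header: bytes, m: bytes) -> bytes:
    """Deterministic: equal (keys, header, m) always yields equal ciphertext."""
    if len(m) < MIN_MSG:
        raise ValueError(f"message must be at least {MIN_MSG} bytes")
    m_l, m_r = m[:MIN_MSG], m[MIN_MSG:]
    # Redundancy goes into the left part only: tau zero bits padded onto
    # M_L give a full 2n-bit SPRP input, keyed to header and M_R by the hash.
    x = m_l + bytes(TAU_BYTES)
    c_l = sprp_encipher(k2, _xor(x, axu_hash(k1, header, m_r)))
    c_r = ctr_crypt(k3, c_l, m_r)   # C_L doubles as the IV: no nonce, no separate tag
    return c_l + c_r                # |C| = |M| + tau bits, the minimal stretch


def dae_decrypt(k1: bytes, k2: bytes, k3: bytes, header: bytes, c: bytes):
    """Returns the message, or None on any authenticity failure. Both inverses
    are needed: the encryption scheme's to recover M_R, the SPRP's for M_L."""
    if len(c) < BLOCK:
        return None
    c_l, c_r = c[:BLOCK], c[BLOCK:]
    m_r = ctr_crypt(k3, c_l, c_r)
    x = _xor(sprp_decipher(k2, c_l), axu_hash(k1, header, m_r))
    # Constant-time check of the tau redundancy bits: tampering with C_L,
    # C_R or the header randomises them, so a forgery passes w.p. about 2^-tau.
    if not hmac.compare_digest(x[MIN_MSG:], bytes(TAU_BYTES)):
        return None
    return x[:MIN_MSG] + m_r
```

The two open points named in the abstract are visible in the code: `dae_encrypt` rejects messages shorter than 2n − τ bits because the redundancy has nowhere to go, and `dae_decrypt` must run both `sprp_decipher` and the encryption scheme backwards before it can check anything, so a ciphertext is only accepted after full decryption.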


Notes

  1. Note that encoding redundancy into \(M_R\) would require a chosen-ciphertext-secure encryption scheme \(\varPi\).

  2. \(F: \mathcal{X} \rightarrow \mathcal{Y}\) is called regular iff all outputs \(Y \in \mathcal{Y}\) are produced by an equal number of preimages \(X \in \mathcal{X}\).

References

  1. Abdelraheem, M.A., Beelen, P., Bogdanov, A., Tischhauser, E.: Twisted polynomials and forgery attacks on GCM. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 762–786. Springer, Heidelberg (2015)

  2. Badertscher, C., Matt, C., Maurer, U., Rogaway, P., Tackmann, B.: Robust authenticated encryption and the limits of symmetric cryptography. In: Groth, J., et al. (eds.) IMACC 2015. LNCS, vol. 9496, pp. 112–129. Springer, Heidelberg (2015). doi:10.1007/978-3-319-27239-9_7

  3. Bellare, M., Desai, A., Jokipii, E., Rogaway, P.: A concrete security treatment of symmetric encryption. In: FOCS 1997, pp. 394–403. IEEE Computer Society (1997)

  4. Bellare, M., Rogaway, P.: Encode-then-encipher encryption: how to exploit nonces or redundancy in plaintexts for efficient cryptography. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 317–330. Springer, Heidelberg (2000)

  5. Bernstein, D.J.: Polynomial evaluation and message authentication (2007). http://cr.yp.to/papers, permanent ID b1ef3f2d385a926123e1517392e20f8c

  6. Bertoni, G., Daemen, J., Peeters, M., Van Assche, G., Van Keer, R.: Using Keccak technology for AE: Ketje, Keyak and more. In: SHA-3 2014 Workshop, UC Santa Barbara, 22 August 2014

  7. Boesgaard, M., Christensen, T., Zenner, E.: Badger – a fast and provably secure MAC. In: Ioannidis, J., Keromytis, A.D., Yung, M. (eds.) ACNS 2005. LNCS, vol. 3531, pp. 176–191. Springer, Heidelberg (2005)

  8. Carter, J.L., Wegman, M.N.: Universal classes of hash functions. J. Comput. Syst. Sci. 18(2), 143–154 (1979)

  9. Chakraborty, D., Mancillas-López, C., Sarkar, P.: Disk encryption: do we need to preserve length? IACR Cryptology ePrint Archive, Report 2015/594 (2015)

  10. Chakraborty, D., Sarkar, P.: On modes of operations of a block cipher for authentication and authenticated encryption. Cryptogr. Commun., pp. 1–57 (2015)

  11. Coron, J.-S., Dodis, Y., Mandal, A., Seurin, Y.: A domain extender for the ideal cipher. In: Micciancio, D. (ed.) TCC 2010. LNCS, vol. 5978, pp. 273–289. Springer, Heidelberg (2010)

  12. Dobraunig, C., Eichlseder, M., Mendel, F.: Cryptanalysis of Simpira. IACR Cryptology ePrint Archive, Report 2016/244 (2016)

  13. Forler, C., List, E., Lucks, S., Wenzel, J.: Efficient beyond-birthday-bound-secure deterministic authenticated encryption with minimal stretch. IACR Cryptology ePrint Archive, Report 2016/395 (2016)

  14. Granger, R., Jovanovic, P., Mennink, B., Neves, S.: Improved masking for tweakable blockciphers with applications to authenticated encryption. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9665, pp. 263–293. Springer, Heidelberg (2016). doi:10.1007/978-3-662-49890-3_11

  15. Gueron, S., Lindell, Y.: GCM-SIV: full nonce misuse-resistant authenticated encryption at under one cycle per byte. In: Ray, I., Li, N., Kruegel, C. (eds.) ACM CCS 2015, pp. 109–119. ACM (2015)

  16. Gueron, S., Mouha, N.: Simpira: a family of efficient permutations using the AES round function. IACR Cryptology ePrint Archive, Report 2016/122, version 20160214:005409 (2016)

  17. Gueron, S., Mouha, N.: Simpira v2: a family of efficient permutations using the AES round function. IACR Cryptology ePrint Archive, Report 2016/122 (2016)

  18. Halevi, S., Rogaway, P.: A parallelizable enciphering mode. In: Okamoto, T. (ed.) CT-RSA 2004. LNCS, vol. 2964, pp. 292–304. Springer, Heidelberg (2004)

  19. Hoang, V.T., Krovetz, T., Rogaway, P.: Robust authenticated-encryption AEZ and the problem that it solves. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 15–44. Springer, Heidelberg (2015)

  20. Iwata, T., Kurosawa, K.: OMAC: one-key CBC MAC. In: Johansson, T. (ed.) FSE 2003. LNCS, vol. 2887, pp. 129–153. Springer, Heidelberg (2003)

  21. Iwata, T., Yasuda, K.: BTM: a single-key, inverse-cipher-free mode for deterministic authenticated encryption. In: Jacobson Jr., M.J., Rijmen, V., Safavi-Naini, R. (eds.) SAC 2009. LNCS, vol. 5867, pp. 313–330. Springer, Heidelberg (2009)

  22. Iwata, T., Yasuda, K.: HBS: a single-key mode of operation for deterministic authenticated encryption. In: Dunkelman, O. (ed.) FSE 2009. LNCS, vol. 5665, pp. 394–415. Springer, Heidelberg (2009)

  23. Jean, J., Nikolić, I., Peyrin, T.: Tweaks and keys for block ciphers: the TWEAKEY framework. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8874, pp. 274–288. Springer, Heidelberg (2014)

  24. Jean, J., Nikolić, I., Peyrin, T.: Deoxys v1.3 (2015). Second-round submission to the CAESAR competition. http://competitions.cr.yp.to/caesar-submissions.html

  25. Jean, J., Nikolić, I., Peyrin, T.: Joltik v1.3 (2015). Second-round submission to the CAESAR competition. http://competitions.cr.yp.to/caesar-submissions.html

  26. Krovetz, T.: HS1-SIV (2014). http://competitions.cr.yp.to/caesar-submissions.html

  27. Minematsu, K.: Beyond-birthday-bound security based on tweakable block cipher. In: Dunkelman, O. (ed.) FSE 2009. LNCS, vol. 5665, pp. 308–326. Springer, Heidelberg (2009)

  28. Minematsu, K.: Authenticated encryption without tag expansion (or, how to accelerate AERO). IACR Cryptology ePrint Archive, Report 2015/738 (2015)

  29. Minematsu, K.: Building blockcipher from small-block tweakable blockcipher. Des. Codes Cryptogr. 74(3), 645–663 (2015)

  30. Peyrin, T., Seurin, Y.: Counter-in-Tweak: authenticated encryption modes for tweakable block ciphers. IACR Cryptology ePrint Archive, Report 2015/1049 (2015)

  31. Procter, G., Cid, C.: On weak keys and forgery attacks against polynomial-based MAC schemes. In: Moriai, S. (ed.) FSE 2013. LNCS, vol. 8424, pp. 287–304. Springer, Heidelberg (2014)

  32. Reyhanitabar, R., Vaudenay, S., Vizár, D.: Misuse-resistant variants of the OMD authenticated encryption mode. In: Chow, S.S.M., Liu, J.K., Hui, L.C.K., Yiu, S.M. (eds.) ProvSec 2014. LNCS, vol. 8782, pp. 55–70. Springer, Heidelberg (2014)

  33. Rogaway, P.: Nonce-based symmetric encryption. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 348–359. Springer, Heidelberg (2004)

  34. Rogaway, P., Shrimpton, T.: A provable-security treatment of the key-wrap problem. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 373–390. Springer, Heidelberg (2006)

  35. Rogaway, P., Shrimpton, T.: Deterministic authenticated-encryption: a provable-security treatment of the key-wrap problem (full version). IACR Cryptology ePrint Archive, Report 2006/221 (2006)

  36. Rønjom, S.: Invariant subspaces in Simpira. IACR Cryptology ePrint Archive, Report 2016/248 (2016)

  37. Sarkar, P.: Improving upon the TET mode of operation. In: Nam, K.-H., Rhee, G. (eds.) ICISC 2007. LNCS, vol. 4817, pp. 180–192. Springer, Heidelberg (2007)

  38. Sarkar, P.: Efficient tweakable enciphering schemes from (block-wise) universal hash functions. IEEE Trans. Inf. Theory 55(10), 4749–4760 (2009)

  39. Shrimpton, T., Terashima, R.S.: A modular framework for building variable-input-length tweakable ciphers. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013, Part I. LNCS, vol. 8269, pp. 405–423. Springer, Heidelberg (2013)

  40. Wang, P., Feng, D., Wu, W.: HCTR: a variable-input-length enciphering mode. In: Feng, D., Lin, D., Yung, M. (eds.) CISC 2005. LNCS, vol. 3822, pp. 175–188. Springer, Heidelberg (2005)

Author information

Correspondence to Eik List.


Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Forler, C., List, E., Lucks, S., Wenzel, J. (2016). Efficient Beyond-Birthday-Bound-Secure Deterministic Authenticated Encryption with Minimal Stretch. In: Liu, J., Steinfeld, R. (eds) Information Security and Privacy. ACISP 2016. Lecture Notes in Computer Science, vol 9723. Springer, Cham. https://doi.org/10.1007/978-3-319-40367-0_20

  • DOI: https://doi.org/10.1007/978-3-319-40367-0_20

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-40366-3

  • Online ISBN: 978-3-319-40367-0