Tweakable Block Ciphers

  • Moses Liskov
  • Ronald L. Rivest
  • David Wagner
Conference paper

DOI: 10.1007/3-540-45708-9_3

Part of the Lecture Notes in Computer Science book series (LNCS, volume 2442)
Cite this paper as:
Liskov M., Rivest R.L., Wagner D. (2002) Tweakable Block Ciphers. In: Yung M. (ed.) Advances in Cryptology — CRYPTO 2002. CRYPTO 2002. Lecture Notes in Computer Science, vol 2442. Springer, Berlin, Heidelberg

Abstract

We propose a new cryptographic primitive, the “tweakable block cipher.” Such a cipher has not only the usual inputs — message and cryptographic key — but also a third input, the “tweak.” The tweak serves much the same purpose that an initialization vector does for CBC mode or that a nonce does for OCB mode. Our proposal thus brings this feature down to the primitive block-cipher level, instead of incorporating it only at the higher modes-of-operation levels. We suggest that (1) tweakable block ciphers are easy to design, (2) the extra cost of making a block cipher “tweakable” is small, and (3) it is easier to design and prove modes of operation based on tweakable block ciphers.
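As an added illustration (not code from the paper or from this page), the following Go program realizes the three-input interface the abstract describes on top of an unmodified AES block cipher: the tweak enters only as a public mask XORed around the block-cipher call, so the block cipher itself is untouched, which is the sense in which the extra cost is small. The mask-then-encrypt-then-mask layout and the use of a second, independently keyed AES instance as the tweak hash are this example's assumptions, not something the abstract specifies; the tweak-hash key must not be the block-cipher key.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// Tweakable turns an ordinary block cipher E_K into the three-input primitive
// E~(T, M) = E_K(M ^ h(T)) ^ h(T). The tweak hash here is h(T) = E_K2(T) under a
// key K2 independent of K; T itself is public, only K and K2 are secret.
type Tweakable struct {
	block cipher.Block // E_K, the untweaked cipher, reused unchanged
	hash  cipher.Block // h, keyed independently of K
}

func NewTweakable(key, hashKey []byte) (*Tweakable, error) {
	b, errB := aes.NewCipher(key)
	h, errH := aes.NewCipher(hashKey)
	if errB != nil || errH != nil {
		return nil, fmt.Errorf("tweakable: key setup failed: %v, %v", errB, errH)
	}
	return &Tweakable{block: b, hash: h}, nil
}

// apply runs one direction: mask with h(T), apply E_K or D_K, mask again. The
// mask costs one extra block-cipher call per block and no change to E_K itself.
func (tc *Tweakable) apply(tweak, in []byte, f func(dst, src []byte)) []byte {
	mask, out := make([]byte, 16), make([]byte, 16)
	tc.hash.Encrypt(mask, tweak) // h(T); panics unless tweak is one full block
	for i := range out {
		out[i] = in[i] ^ mask[i] // M ^ h(T)
	}
	f(out, out)
	for i := range out {
		out[i] ^= mask[i] // ... ^ h(T)
	}
	return out
}

func (tc *Tweakable) Encrypt(tweak, m []byte) []byte { return tc.apply(tweak, m, tc.block.Encrypt) }
func (tc *Tweakable) Decrypt(tweak, c []byte) []byte { return tc.apply(tweak, c, tc.block.Decrypt) }

func main() {
	tc, _ := NewTweakable([]byte("0123456789abcdef"), []byte("fedcba9876543210")) // constructed keys
	m, zero := []byte("sixteen byte blk"), make([]byte, 16)
	c0, c1 := tc.Encrypt(zero, m), tc.Encrypt([]byte{15: 1}, m)
	fmt.Printf("tweak 0: %x\ntweak 1: %x\nback: %s\n", c0, c1, tc.Decrypt(zero, c0))
}
```

Encrypting the same block under the same key with two different tweaks yields two unrelated ciphertexts, and decrypting under the wrong tweak does not recover the block, which is exactly the IV-like role the abstract assigns to the tweak.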

Keywords

block ciphers, tweakable block ciphers, initialization vector, modes of operation

Copyright information

© Springer-Verlag Berlin Heidelberg 2002

Authors and Affiliations

  • Moses Liskov (1)
  • Ronald L. Rivest (1)
  • David Wagner (2)
  1. Laboratory for Computer Science, Massachusetts Institute of Technology, Cambridge, USA
  2. University of California, Berkeley, Berkeley, USA
