Advertisement

The Relation Between CENC and NEMO

  • Bart Mennink
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11124)

Abstract

Counter mode encryption uses a blockcipher to generate a key stream, which is subsequently used to encrypt data. The mode is known to achieve security up to the birthday bound. In this work we consider two approaches in literature to improve it to beyond birthday bound security: CENC by Iwata (FSE 2006) and its generalization NEMO by Lefranc et al. (SAC 2007). Whereas recent discoveries on CENC argued optimal security, the state of the art of NEMO is still sub-optimal. We draw connections among various instantiations of CENC and NEMO, and particularly prove that the improved optimal security bound on the CENC family carries over to a large class of variants of NEMO. We further conjecture that it also applies to the remaining variants, and discuss bottlenecks in proving so.

Keywords

CENC NEMO Optimality Linear codes 

Notes

Acknowledgments

Bart Mennink is supported by a postdoctoral fellowship from the Netherlands Organisation for Scientific Research (NWO) under Veni grant 016.Veni.173.017.

References

  1. 1.
    Bellare, M., Desai, A., Jokipii, E., Rogaway, P.: A concrete security treatment of symmetric encryption. In: 38th Annual Symposium on Foundations of Computer Science, FOCS 1997, Miami Beach, Florida, USA, 19–22 October 1997, pp. 394–403. IEEE Computer Society (1997).  https://doi.org/10.1109/SFCS.1997.646128
  2. 2.
    Bellare, M., Impagliazzo, R.: A tool for obtaining tighter security analyses of pseudorandom function based constructions, with applications to PRP to PRF conversion. Cryptology ePrint Archive, Report 1999/024 (1999). http://eprint.iacr.org/1999/024
  3. 3.
    Bellare, M., Krovetz, T., Rogaway, P.: Luby-Rackoff backwards: increasing security by making block ciphers non-invertible. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 266–280. Springer, Heidelberg (1998).  https://doi.org/10.1007/BFb0054132CrossRefGoogle Scholar
  4. 4.
    Bhattacharya, S., Nandi, M.: Revisiting variable output length XOR pseudorandom function. IACR Trans. Symmetric Cryptol. 2018(1), 314–335 (2018).  https://doi.org/10.13154/tosc.v2018.i1.314-335CrossRefGoogle Scholar
  5. 5.
    Dai, W., Hoang, V.T., Tessaro, S.: Information-theoretic indistinguishability via the Chi-squared method. In: Katz and Shacham [8], pp. 497–523.  https://doi.org/10.1007/978-3-319-63697-9_17
  6. 6.
    Iwata, T.: New blockcipher modes of operation with beyond the birthday bound security. In: Robshaw, M. (ed.) FSE 2006. LNCS, vol. 4047, pp. 310–327. Springer, Heidelberg (2006).  https://doi.org/10.1007/11799313_20CrossRefGoogle Scholar
  7. 7.
    Iwata, T., Mennink, B., Vizár, D.: CENC is optimally secure. Cryptology ePrint Archive, Report 2016/1087 (2016). http://eprint.iacr.org/2016/1087
  8. 8.
    Katz, J., Shacham, H. (eds.): CRYPTO 2017. LNCS, vol. 10403. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-63697-9CrossRefzbMATHGoogle Scholar
  9. 9.
    Lefranc, D., Painchault, P., Rouat, V., Mayer, E.: A generic method to design modes of operation beyond the birthday bound. In: Adams, C., Miri, A., Wiener, M. (eds.) SAC 2007. LNCS, vol. 4876, pp. 328–343. Springer, Heidelberg (2007).  https://doi.org/10.1007/978-3-540-77360-3_21CrossRefGoogle Scholar
  10. 10.
    Lucks, S.: The sum of PRPs is a secure PRF. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 470–484. Springer, Heidelberg (2000).  https://doi.org/10.1007/3-540-45539-6_34CrossRefGoogle Scholar
  11. 11.
    Mennink, B., Neves, S.: Encrypted Davies-Meyer and its dual: towards optimal security using mirror theory. In: Katz and Shacham [8], pp. 556–583.  https://doi.org/10.1007/978-3-319-63697-9_19
  12. 12.
    Nachef, V., Patarin, J., Volte, E.: Feistel Ciphers - Security Proofs and Cryptanalysis. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-49530-9CrossRefzbMATHGoogle Scholar
  13. 13.
    Patarin, J.: On linear systems of equations with distinct variables and small block size. In: Won, D.H., Kim, S. (eds.) ICISC 2005. LNCS, vol. 3935, pp. 299–321. Springer, Heidelberg (2006).  https://doi.org/10.1007/11734727_25CrossRefGoogle Scholar
  14. 14.
    Patarin, J.: A proof of security in O(2n) for the Xor of two random permutations. In: Safavi-Naini, R. (ed.) ICITS 2008. LNCS, vol. 5155, pp. 232–248. Springer, Heidelberg (2008).  https://doi.org/10.1007/978-3-540-85093-9_22CrossRefzbMATHGoogle Scholar
  15. 15.
    Patarin, J.: Introduction to mirror theory: analysis of systems of linear equalities and linear non equalities for cryptography. Cryptology ePrint Archive, Report 2010/287 (2010). http://eprint.iacr.org/2010/287
  16. 16.
    Singleton, R.C.: Maximum distance q-nary codes. IEEE Trans. Inf. Theory 10(2), 116–118 (1964).  https://doi.org/10.1109/TIT.1964.1053661MathSciNetCrossRefzbMATHGoogle Scholar
  17. 17.
    Vermani, L.R.: Elements of Algebraic Coding Theory. CRC Press, Boca Raton (1996)CrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. 1.Digital Security GroupRadboud UniversityNijmegenThe Netherlands

Personalised recommendations