The Relation Between CENC and NEMO

  • Bart Mennink
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11124)


Counter mode encryption uses a blockcipher to generate a key stream, which is subsequently used to encrypt data. The mode is known to achieve security up to the birthday bound. In this work we consider two approaches in the literature to improve it to beyond birthday bound security: CENC by Iwata (FSE 2006) and its generalization NEMO by Lefranc et al. (SAC 2007). Whereas recent discoveries on CENC argued optimal security, the state of the art of NEMO is still sub-optimal. We draw connections among various instantiations of CENC and NEMO, and particularly prove that the improved optimal security bound on the CENC family carries over to a large class of variants of NEMO. We further conjecture that it also applies to the remaining variants, and discuss bottlenecks in proving so.
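The following Go program is an added illustration of the two key stream generators the abstract contrasts; it is not code from the paper or from its authors. Plain counter mode outputs S_i = E_K(nonce || i) directly. CENC (Iwata, FSE 2006) instead works in frames of w blocks: it computes one mask L = E_K(ctr) and outputs E_K(ctr + j) XOR L for j = 1..w, spending w + 1 blockcipher calls per w key stream blocks. The point the example makes visible is the one behind the birthday bound: under a single key, counter mode blocks are outputs of one permutation and therefore never repeat, whereas CENC blocks are XORs of two permutation outputs and can collide just as random blocks would. AES from the Go standard library, the 96-bit nonce || 32-bit counter layout, and the demo key and nonce are assumptions of this example, not choices fixed by the page.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// nonceLen bytes of nonce fill the block; the last 4 bytes hold the counter
// (an assumed layout; the constructions themselves only need distinct inputs).
const nonceLen = 12

// encryptCounter computes E_K(nonce || ctr) for the given blockcipher instance.
func encryptCounter(bc cipher.Block, nonce [nonceLen]byte, ctr uint32) []byte {
	var in [aes.BlockSize]byte
	copy(in[:nonceLen], nonce[:])
	binary.BigEndian.PutUint32(in[nonceLen:], ctr)
	out := make([]byte, aes.BlockSize)
	bc.Encrypt(out, in[:])
	return out
}

// EncryptCounter is the same computation with key setup, for external checks.
func EncryptCounter(key []byte, nonce [nonceLen]byte, ctr uint32) ([]byte, error) {
	bc, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return encryptCounter(bc, nonce, ctr), nil
}

// KeystreamCTR returns nblocks counter mode blocks S_i = E_K(nonce || i), i = 0..nblocks-1.
func KeystreamCTR(key []byte, nonce [nonceLen]byte, nblocks int) ([][]byte, error) {
	bc, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([][]byte, 0, nblocks)
	for i := 0; i < nblocks; i++ {
		out = append(out, encryptCounter(bc, nonce, uint32(i)))
	}
	return out, nil
}

// KeystreamCENC returns nblocks CENC blocks with frame width w. Frame f starts at
// counter f*(w+1): L = E_K(base), then E_K(base+j) XOR L for j = 1..w.
// The 32-bit counter is not guarded against wrap-around; a deployment must bound
// the key stream length per nonce.
func KeystreamCENC(key []byte, nonce [nonceLen]byte, w, nblocks int) ([][]byte, error) {
	if w < 1 {
		return nil, fmt.Errorf("frame width w must be at least 1, got %d", w)
	}
	bc, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([][]byte, 0, nblocks)
	for f := 0; len(out) < nblocks; f++ {
		base := uint32(f * (w + 1))
		mask := encryptCounter(bc, nonce, base)
		for j := 1; j <= w && len(out) < nblocks; j++ {
			blk := encryptCounter(bc, nonce, base+uint32(j))
			for i := range blk {
				blk[i] ^= mask[i]
			}
			out = append(out, blk)
		}
	}
	return out, nil
}

// CENCCalls counts the blockcipher calls CENC spends on nblocks output blocks:
// w+1 per full frame, r+1 for a trailing partial frame of r blocks.
func CENCCalls(w, nblocks int) int {
	full, rem := nblocks/w, nblocks%w
	calls := full * (w + 1)
	if rem > 0 {
		calls += rem + 1
	}
	return calls
}

// AllDistinct reports whether no two key stream blocks are equal. For counter mode
// under one key this always holds (a permutation never repeats an output), which
// is the structure a birthday-bound distinguisher detects; CENC blocks may repeat.
func AllDistinct(ks [][]byte) bool {
	for i := range ks {
		for j := i + 1; j < len(ks); j++ {
			if bytes.Equal(ks[i], ks[j]) {
				return false
			}
		}
	}
	return true
}

func main() {
	key := []byte("0123456789abcdef") // constructed demo key, not for real use
	var nonce [nonceLen]byte
	copy(nonce[:], "demo-nonce12") // constructed demo nonce
	ctr, _ := KeystreamCTR(key, nonce, 4)
	cenc, _ := KeystreamCENC(key, nonce, 2, 4)
	for i := range ctr {
		fmt.Printf("CTR  block %d: %x\n", i, ctr[i])
		fmt.Printf("CENC block %d: %x\n", i, cenc[i])
	}
	fmt.Printf("CENC with w=2 spends %d blockcipher calls for 4 blocks; CTR spends 4\n", CENCCalls(2, 4))
}
```

The cost of the beyond-birthday-bound security is the (w+1)/w ratio of blockcipher calls per output block that `CENCCalls` reports; the paper's question is whether NEMO's generalisation of this XOR structure inherits the same optimal bound.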


Keywords: CENC, NEMO, Optimality, Linear codes



Bart Mennink is supported by a postdoctoral fellowship from the Netherlands Organisation for Scientific Research (NWO) under Veni grant 016.Veni.173.017.


  1. Bellare, M., Desai, A., Jokipii, E., Rogaway, P.: A concrete security treatment of symmetric encryption. In: 38th Annual Symposium on Foundations of Computer Science, FOCS 1997, Miami Beach, Florida, USA, 19–22 October 1997, pp. 394–403. IEEE Computer Society (1997).
  2. Bellare, M., Impagliazzo, R.: A tool for obtaining tighter security analyses of pseudorandom function based constructions, with applications to PRP to PRF conversion. Cryptology ePrint Archive, Report 1999/024 (1999).
  3. Bellare, M., Krovetz, T., Rogaway, P.: Luby-Rackoff backwards: increasing security by making block ciphers non-invertible. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 266–280. Springer, Heidelberg (1998).
  4. Bhattacharya, S., Nandi, M.: Revisiting variable output length XOR pseudorandom function. IACR Trans. Symmetric Cryptol. 2018(1), 314–335 (2018).
  5. Dai, W., Hoang, V.T., Tessaro, S.: Information-theoretic indistinguishability via the Chi-squared method. In: Katz and Shacham [8], pp. 497–523.
  6. Iwata, T.: New blockcipher modes of operation with beyond the birthday bound security. In: Robshaw, M. (ed.) FSE 2006. LNCS, vol. 4047, pp. 310–327. Springer, Heidelberg (2006).
  7. Iwata, T., Mennink, B., Vizár, D.: CENC is optimally secure. Cryptology ePrint Archive, Report 2016/1087 (2016).
  8. Katz, J., Shacham, H. (eds.): CRYPTO 2017. LNCS, vol. 10403. Springer, Cham (2017).
  9. Lefranc, D., Painchault, P., Rouat, V., Mayer, E.: A generic method to design modes of operation beyond the birthday bound. In: Adams, C., Miri, A., Wiener, M. (eds.) SAC 2007. LNCS, vol. 4876, pp. 328–343. Springer, Heidelberg (2007).
  10. Lucks, S.: The sum of PRPs is a secure PRF. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 470–484. Springer, Heidelberg (2000).
  11. Mennink, B., Neves, S.: Encrypted Davies-Meyer and its dual: towards optimal security using mirror theory. In: Katz and Shacham [8], pp. 556–583.
  12. Nachef, V., Patarin, J., Volte, E.: Feistel Ciphers - Security Proofs and Cryptanalysis. Springer, Cham (2017).
  13. Patarin, J.: On linear systems of equations with distinct variables and small block size. In: Won, D.H., Kim, S. (eds.) ICISC 2005. LNCS, vol. 3935, pp. 299–321. Springer, Heidelberg (2006).
  14. Patarin, J.: A proof of security in O(2^n) for the Xor of two random permutations. In: Safavi-Naini, R. (ed.) ICITS 2008. LNCS, vol. 5155, pp. 232–248. Springer, Heidelberg (2008).
  15. Patarin, J.: Introduction to mirror theory: analysis of systems of linear equalities and linear non equalities for cryptography. Cryptology ePrint Archive, Report 2010/287 (2010).
  16. Singleton, R.C.: Maximum distance q-nary codes. IEEE Trans. Inf. Theory 10(2), 116–118 (1964).
  17. Vermani, L.R.: Elements of Algebraic Coding Theory. CRC Press, Boca Raton (1996).

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. Digital Security Group, Radboud University, Nijmegen, The Netherlands
