Abstract
Four observations can be made regarding recent trends in the evolution of authenticated encryption (AE) schemes: (1) regarding simplicity, adopting public permutations as primitives spares a key schedule and the need to store round keys; (2) summing permutation outputs, inputs, or both outputs and inputs is a well-studied means of achieving security beyond the birthday bound; (3) regarding robustness, schemes can degrade gracefully if a limited number of nonces repeat during the lifetime of a key; and (4) Andreeva et al.’s forkcipher approach can increase the efficiency of a scheme, since a forked primitive can use fewer rounds per output branch than a full-round primitive.
In this work, we improve the state of the art by combining these aspects for efficient authenticated encryption. We propose PAE, an efficient nonce-based AE scheme that employs a public permutation and a single call to an XOR-universal hash function. PAE provides O(2n/3)-bit security and high throughput by combining forked public-permutation-based variants of nEHtM and Encrypted Davies-Meyer. Thus, it can use a single, partly round-reduced, public permutation for most operations, spare a key schedule, and guarantee security beyond the birthday bound even under limited nonce reuse.
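The following toy experiment is an added illustration of observation (2) and is not code from the paper or an implementation of PAE. It models a public permutation as a random lookup table at a deliberately tiny block size (n = 12 bits, an assumption chosen so the whole experiment runs in a second) and runs the classic birthday distinguisher against three oracles: a single permutation, the XOR of two independent permutation outputs on the same input, and a truly random function. A bare permutation never produces an output collision, so roughly 2^(n/2) queries suffice to tell it from a random function; XORing two permutation outputs removes that structural tell, which is the mechanism behind the beyond-birthday constructions the abstract refers to. The toy sizes only demonstrate the effect; the O(2n/3)-bit bound of PAE itself comes from the paper's analysis, not from this script.

```python
import random


def make_permutation(n_bits, seed):
    """A random n-bit permutation as a lookup table (toy stand-in for a public permutation)."""
    rng = random.Random(seed)
    table = list(range(1 << n_bits))
    rng.shuffle(table)
    return table


def make_random_function(n_bits, seed):
    """A random n-bit-to-n-bit function: the ideal object a PRF is compared against."""
    rng = random.Random(seed)
    return [rng.randrange(1 << n_bits) for _ in range(1 << n_bits)]


# Each oracle builder takes (n_bits, instance) so that every trial gets fresh, independent tables.
# The seed offsets below are arbitrary constants chosen for this example.
def single_perm_oracle(n_bits, instance):
    P = make_permutation(n_bits, 1000 + instance)
    return lambda x: P[x]


def xor_of_perms_oracle(n_bits, instance):
    """Sum (XOR) of two independent permutation outputs on the same input."""
    P1 = make_permutation(n_bits, 2000 + instance)
    P2 = make_permutation(n_bits, 3000 + instance)
    return lambda x: P1[x] ^ P2[x]


def random_function_oracle(n_bits, instance):
    F = make_random_function(n_bits, 4000 + instance)
    return lambda x: F[x]


def sees_output_collision(oracle, q):
    """Birthday distinguisher: query q distinct inputs and report whether two outputs coincide."""
    seen = set()
    for x in range(q):
        y = oracle(x)
        if y in seen:
            return True
        seen.add(y)
    return False


def collision_rate(build_oracle, n_bits, q, trials):
    """Fraction of independent oracle instances in which q queries expose an output collision."""
    hits = sum(sees_output_collision(build_oracle(n_bits, t), q) for t in range(trials))
    return hits / trials


def run_experiment(n_bits=12, q=256, trials=40):
    """Return per-oracle collision rates and the distinguisher's advantage against a random function.

    With n = 12 and q = 256 = 4 * 2^(n/2), a random function collides with probability
    about 1 - exp(-q^2 / 2^(n+1)) = 1 - exp(-8), i.e. almost always; a permutation never does.
    """
    rates = {
        "permutation": collision_rate(single_perm_oracle, n_bits, q, trials),
        "xor_of_two_perms": collision_rate(xor_of_perms_oracle, n_bits, q, trials),
        "random_function": collision_rate(random_function_oracle, n_bits, q, trials),
    }
    # Advantage of the rule "collision seen -> guess random function" against each candidate PRF.
    advantage = {
        name: abs(rates[name] - rates["random_function"])
        for name in ("permutation", "xor_of_two_perms")
    }
    return rates, advantage


if __name__ == "__main__":
    rates, advantage = run_experiment()
    for name, rate in rates.items():
        print(f"{name:18s} collision rate = {rate:.3f}")
    for name, adv in advantage.items():
        print(f"{name:18s} distinguishing advantage ~ {adv:.3f}")
```

The single permutation is distinguished with advantage close to 1 after only 2^(n/2)-scale queries, while the XOR of two permutations behaves like the random function at this query budget. Replacing the lookup tables with a real permutation such as the Ascon or Sparkle permutation changes nothing about the argument; only the counting does.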
Notes
1. We deliberately exclude block-cipher- and tweakable block-cipher-based AE schemes from the discussion here, as this paper studies only permutation-based AE.
References
Andreeva, E., et al.: APE: authenticated permutation-based encryption for lightweight cryptography. In: Cid, C., Rechberger, C. (eds.) FSE 2014. LNCS, vol. 8540, pp. 168–186. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46706-0_9
Andreeva, E., Lallemand, V., Purnal, A., Reyhanitabar, R., Roy, A., Vizár, D.: Forkcipher: a new primitive for authenticated encryption of very short messages. In: Galbraith, S.D., Moriai, S. (eds.) ASIACRYPT 2019. LNCS, vol. 11922, pp. 153–182. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-34621-8_6
Beierle, C., et al.: Schwaemm and Esch: lightweight authenticated encryption and hashing using the Sparkle permutation family (2021)
Bernstein, D.J.: The Poly1305-AES message-authentication code. In: Gilbert, H., Handschuh, H. (eds.) FSE 2005. LNCS, vol. 3557, pp. 32–49. Springer, Heidelberg (2005). https://doi.org/10.1007/11502760_3
Beyne, T., Chen, Y.L., Dobraunig, C., Mennink, B.: Dumbo, Jumbo, and Delirium: parallel authenticated encryption for the lightweight circus. IACR Trans. Symmetric Cryptol. 2020(S1), 5–30 (2020)
Beyne, T., Chen, Y.L., Dobraunig, C., Mennink, B.: Multi-user security of the Elephant v2 authenticated encryption mode. In: AlTawy, R., Hülsing, A. (eds.) SAC 2021. LNCS, vol. 13203, pp. 155–178. Springer, Cham (2022). https://doi.org/10.1007/978-3-030-99277-4_8
Bhattacharjee, A., Bhaumik, R., Dutta, A., List, E.: PAE: towards more efficient and BBB-secure AE from a single public permutation. Cryptology ePrint Archive, Paper 2023/978 (2023)
Bhattacharjee, A., Bhaumik, R., Nandi, M.: A sponge-based PRF with good multi-user security. In: Smith, B., Wu, H. (eds.) Selected Areas in Cryptography. LNCS, Springer, Cham (2022)
Bhattacharjee, A., Bhaumik, R., Nandi, M.: Offset-based BBB-secure tweakable block-ciphers with updatable caches. In: Isobe, T., Sarkar, S. (eds.) INDOCRYPT 2022. LNCS, vol. 13774, pp. 171–194. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-22912-1_8
Bhattacharjee, A., Chakraborti, A., Datta, N., Mancillas-López, C., Nandi, M.: ISAP+: ISAP with fast authentication. In: Isobe, T., Sarkar, S. (eds.) INDOCRYPT 2022. LNCS, vol. 13774, pp. 195–219. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-22912-1_9
Bhattacharjee, A., Dutta, A., List, E., Nandi, M.: CENCPP*: beyond-birthday-secure encryption from public permutations. Des. Codes Cryptogr. 90(6), 1381–1425 (2022)
Bhattacharjee, A., López, C.M., List, E., Nandi, M.: The Oribatida v1.3 family of lightweight authenticated encryption schemes. J. Math. Cryptol. 15(1), 305–344 (2021)
Bhaumik, R., Chailloux, A., Frixons, P., Mennink, B., Naya-Plasencia, M.: Block cipher doubling for a post-quantum world. Cryptology ePrint Archive, Paper 2022/1342 (2022)
Chakraborti, A., Datta, N., Nandi, M., Yasuda, K.: Beetle family of lightweight and secure authenticated encryption ciphers. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2018(2), 218–241 (2018)
Chen, Y.L.: A modular approach to the security analysis of two-permutation constructions. In: Agrawal, S., Lin, D. (eds.) ASIACRYPT 2022. LNCS, vol. 13791, pp. 379–409. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-22963-3_13
Chen, Y.L., Dutta, A., Nandi, M.: Multi-user BBB security of public permutations based MAC. Cryptogr. Commun. 14(5), 1145–1177 (2022)
Chen, Y.L., Lambooij, E., Mennink, B.: How to build pseudorandom functions from public random permutations. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019. LNCS, vol. 11692, pp. 266–293. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26948-7_10
Chen, Y.L., Mennink, B., Preneel, B.: Categorization of faulty nonce misuse resistant message authentication. In: Tibouchi, M., Wang, H. (eds.) ASIACRYPT 2021. LNCS, vol. 13092, pp. 520–550. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-92078-4_18
Cogliati, B., Seurin, Y.: EWCDM: an efficient, beyond-birthday secure, nonce-misuse resistant MAC. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9814, pp. 121–149. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53018-4_5
Daemen, J., Hoffert, S., Peeters, M., Van Assche, G., Van Keer, R.: Xoodyak, a lightweight cryptographic scheme. IACR Trans. Symmetric Cryptol. 2020(S1), 60–87 (2020)
Dobraunig, C., et al.: ISAP v2.0. IACR Trans. Symmetric Cryptol. 2020(S1), 390–416 (2020)
Dobraunig, C., Eichlseder, M., Mendel, F., Schläffer, M.: Ascon v1.2, September 27 2019. Submission to the NIST LwC competition. https://csrc.nist.gov/CSRC/media/Projects/lightweight-cryptography/documents/round-2/spec-doc-rnd2/ascon-spec-round2.pdf
Dobraunig, C., Eichlseder, M., Mendel, F., Schläffer, M.: Ascon v1.2: lightweight authenticated encryption and hashing. J. Cryptol. 34(3), 33 (2021)
Dobraunig, C., Eichlseder, M., Mendel, F., Schläffer, M.: Reference, highly optimized, masked C and ASM implementations of Ascon (2023). https://github.com/ascon/ascon-c. Accessed 28 June 2023
Dutta, A., Nandi, M.: BBB secure nonce based MAC using public permutations. In: Nitaj, A., Youssef, A. (eds.) AFRICACRYPT 2020. LNCS, vol. 12174, pp. 172–191. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-51938-4_9
Dutta, A., Nandi, M., Talnikar, S.: Beyond birthday bound secure MAC in faulty nonce model. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019. LNCS, vol. 11476, pp. 437–466. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17653-2_15
Dutta, A., Nandi, M., Talnikar, S.: Permutation based EDM: an inverse free BBB secure PRF. IACR Trans. Symmetric Cryptol. 2021(2), 31–70 (2021)
Duval, S., Leurent, G.: Lightweight MACs from universal hash functions. In: Belaïd, S., Güneysu, T. (eds.) CARDIS 2019. LNCS, vol. 11833, pp. 195–215. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-42068-0_12
Hoang, V.T., Tessaro, S.: Key-alternating ciphers and key-length extension: exact bounds and multi-user security. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9814, pp. 3–32. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53018-4_1
Mennink, B., Neves, S.: Encrypted Davies-Meyer and its dual: towards optimal security using mirror theory. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10403, pp. 556–583. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63697-9_19
Mennink, B., Neves, S.: Optimal PRFs from blockcipher designs. IACR Trans. Symmetric Cryptol. 2017(3), 228–252 (2017)
Minematsu, K.: How to thwart birthday attacks against MACs via small randomness. In: Hong, S., Iwata, T. (eds.) FSE 2010. LNCS, vol. 6147, pp. 230–249. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-13858-4_13
Mouha, N.: Chaskey: a MAC algorithm for microcontrollers - status update and proposal of Chaskey-12. Cryptology ePrint Archive, Paper 2015/1182 (2015)
Mouha, N., Mennink, B., Van Herrewege, A., Watanabe, D., Preneel, B., Verbauwhede, I.: Chaskey: an efficient MAC algorithm for 32-bit microcontrollers. In: Joux, A., Youssef, A. (eds.) SAC 2014. LNCS, vol. 8781, pp. 306–323. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-13051-4_19
Nir, Y., Langley, A.: RFC 8439: ChaCha20 and Poly1305 for IETF Protocols (2018)
De Santis, F., Schauer, A., Sigl, G.: ChaCha20-Poly1305 authenticated encryption for high-speed embedded IoT applications. In: Atienza, D., Di Natale, G. (eds.) Design, Automation & Test in Europe Conference & Exhibition, pp. 692–697. IEEE (2017)
Turan, M.S., et al.: NIST Internal Report 8454 - Status Report on the Final Round of the NIST Lightweight Cryptography Standardization Process. Technical report, US National Institute of Standards and Technology (2023)
Zhang, P.: Permutation-based lightweight authenticated cipher with beyond conventional security. Secur. Commun. Netw. 2021, 1–9 (2021)
Acknowledgments
This research is partially supported by Nanyang Technological University in Singapore under Start-up Grant 04INS00397C230, and Ministry of Education in Singapore under Grants RG91/20 and MOE2019-T2-1-060. A part of this research was carried out when Ritam Bhaumik was at Inria Paris funded by the European Research Council (ERC) under the European Union’s Horizon 2020 research and innovation programme (grant agreement no. 714294 - acronym QUASYModo). We thank the anonymous reviewers of ICICS 2023 for their good comments, Florian DeSantis for helpful thoughts on their ChaCha-Poly1305 implementation, and Shun Li for help with implementation equipment.
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
Cite this paper
Bhattacharjee, A., Bhaumik, R., Dutta, A., List, E. (2023). PAE: Towards More Efficient and BBB-Secure AE from a Single Public Permutation. In: Wang, D., Yung, M., Liu, Z., Chen, X. (eds) Information and Communications Security. ICICS 2023. Lecture Notes in Computer Science, vol 14252. Springer, Singapore. https://doi.org/10.1007/978-981-99-7356-9_5
DOI: https://doi.org/10.1007/978-981-99-7356-9_5
Publisher Name: Springer, Singapore
Print ISBN: 978-981-99-7355-2
Online ISBN: 978-981-99-7356-9