Improved XKX-Based AEAD Scheme: Removing the Birthday Terms

Conference paper in Progress in Cryptology – LATINCRYPT 2017 (LATINCRYPT 2017).

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 11368)

Abstract

Naito [ToSC 2017, Issue 2] proposed \(\mathtt {XKX}\), a tweakable blockcipher (TBC) based on a blockcipher (BC). It offers efficient authenticated encryption with associated data (AEAD) schemes with beyond-birthday-bound (BBB) security, by combining with efficient TBC-based AEAD schemes such as \(\mathrm {\Theta CB3}\). In the resultant schemes, for each data block, a BC is called once. The security bound is roughly \(\ell ^2 q/2^n+ \sigma _{A}^2/2^n+ \sigma _\mathcal {D}^2/2^n\), where \(n\) is the block size of the BC in bits, \(\ell \) is the number of BC calls by a query, \(q\) is the number of queries, \(\sigma _{A}\) is the number of BC calls handling associated data by encryption queries, and \(\sigma _\mathcal {D}\) is the number of BC calls by decryption queries. Hence, assuming \(\ell , \sigma _{A}, \sigma _\mathcal {D}\ll 2^{n/2}\), the AEAD schemes achieve BBB security. However, the birthday terms \(\sigma _{A}^2/2^n\) and \(\sigma _\mathcal {D}^2/2^n\) might become dominant, for example, when \(n\) is small such as \(n=64\) and when DoS attacks are performed. The birthday terms are introduced by the modular proof that goes through the security proof of \(\mathtt {XKX}\).

In this paper, in order to remove the birthday terms, we slightly modify \(\mathrm {\Theta CB3}\) into a variant called \(\mathrm {\Theta CB3}^\dagger \), and directly prove the security of \(\mathrm {\Theta CB3}^\dagger \) with \(\mathtt {XKX}\). We show that the security bound becomes roughly \(\ell ^2 q/2^n\).
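As an added illustration (not code from the paper), the following Python evaluates the two bounds stated in the abstract with exact rationals and reports which term dominates for a given workload. The parameter values in the demo are constructed; the point it makes concrete is that once the number of decryption calls \(\sigma _\mathcal {D}\) exceeds \(\ell \sqrt{q}\), the birthday term outweighs the \(\ell ^2 q/2^n\) term, regardless of \(n\).

```python
from fractions import Fraction
from math import isqrt


def xkx_theta_cb3_bound(n, ell, q, sigma_a, sigma_d):
    # Bound of the original XKX-based ThetaCB3 from the abstract:
    # l^2 q / 2^n + sigma_A^2 / 2^n + sigma_D^2 / 2^n, as an exact rational.
    return Fraction(ell * ell * q + sigma_a * sigma_a + sigma_d * sigma_d, 2 ** n)


def theta_cb3_dagger_bound(n, ell, q):
    # Bound of ThetaCB3-dagger with XKX after the direct proof: l^2 q / 2^n.
    return Fraction(ell * ell * q, 2 ** n)


def dominant_term(ell, q, sigma_a, sigma_d):
    # Name of the largest of the three numerators; 2^n is common to all of
    # them, so which term dominates does not depend on n.
    terms = {
        "l^2 q": ell * ell * q,
        "sigma_A^2": sigma_a * sigma_a,
        "sigma_D^2": sigma_d * sigma_d,
    }
    return max(terms, key=terms.get)


def decryption_calls_to_dominate(ell, q):
    # Smallest sigma_D with sigma_D^2 > l^2 q: from this many decryption calls
    # on, the attacker's (e.g. DoS-style) decryption queries, not the honest
    # encryption workload, drive the original bound.
    return isqrt(ell * ell * q) + 1


if __name__ == "__main__":
    # Constructed workload: n = 64, l = 2^10 blocks per query, q = 2^20
    # queries, sigma_A = 2^10, and sigma_D = 2^30 decryption calls.
    n, ell, q, sigma_a, sigma_d = 64, 2 ** 10, 2 ** 20, 2 ** 10, 2 ** 30
    old = xkx_theta_cb3_bound(n, ell, q, sigma_a, sigma_d)
    new = theta_cb3_dagger_bound(n, ell, q)
    print("original bound  ~", float(old))   # about 2^-4
    print("improved bound  ~", float(new))   # 2^-24
    print("dominant term   :", dominant_term(ell, q, sigma_a, sigma_d))
    print("sigma_D to dominate:", decryption_calls_to_dominate(ell, q))
```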


Notes

  1. Our result is an extension of the result in [21], and thus several parts of the background are reused from [21].

  2. The data block is equal to the block size of the underlying BC.

  3. He gave BC-based instantiations of the PRF: the XOR of BCs and the concatenation. The PRF advantage of the XOR is roughly \(q/2^n\). The PRF advantage of the concatenation is roughly \(q^2/2^n\). Using these instantiations, these terms are introduced in the security bounds of the \(\mathtt {XKX}\)-based AEAD schemes.

  4. More precisely, (the PRF-security advantage) and \(q \times \) (the strong pseudo-random permutation advantage) are defined in the security bound. For simplicity, assume that these terms are negligible.

References

  1. Bellare, M., Namprempre, C.: Authenticated encryption: relations among notions and analysis of the generic composition paradigm. J. Cryptol. 21(4), 469–491 (2008)
  2. Bellare, M., Rogaway, P.: Code-based game-playing proofs and the security of triple encryption. IACR Cryptology ePrint Archive 2004, 331 (2004)
  3. Black, J., Rogaway, P.: A block-cipher mode of operation for parallelizable message authentication. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 384–397. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-46035-7_25
  4. Carter, L., Wegman, M.N.: Universal classes of hash functions. J. Comput. Syst. Sci. 18(2), 143–154 (1979)
  5. Chakraborty, D., Sarkar, P.: A general construction of tweakable block ciphers and different modes of operations. IEEE Trans. Inf. Theory 54(5), 1991–2006 (2008)
  6. Granger, R., Jovanovic, P., Mennink, B., Neves, S.: Improved masking for tweakable blockciphers with applications to authenticated encryption. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016, Part I. LNCS, vol. 9665, pp. 263–293. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49890-3_11
  7. Iwata, T.: New blockcipher modes of operation with beyond the birthday bound security. In: Robshaw, M. (ed.) FSE 2006. LNCS, vol. 4047, pp. 310–327. Springer, Heidelberg (2006). https://doi.org/10.1007/11799313_20
  8. Iwata, T.: Authenticated encryption mode for beyond the birthday bound security. In: Vaudenay, S. (ed.) AFRICACRYPT 2008. LNCS, vol. 5023, pp. 125–142. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-68164-9_9
  9. Iwata, T., Mennink, B., Vizár, D.: CENC is optimally secure. IACR Cryptology ePrint Archive 2016, 1087 (2016)
  10. Iwata, T., Minematsu, K.: Stronger security variants of GCM-SIV. IACR Trans. Symmetric Cryptol. 2016(1), 134–157 (2016)
  11. Iwata, T., Yasuda, K.: BTM: a single-key, inverse-cipher-free mode for deterministic authenticated encryption. In: Jacobson, M.J., Rijmen, V., Safavi-Naini, R. (eds.) SAC 2009. LNCS, vol. 5867, pp. 313–330. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-05445-7_20
  12. Iwata, T., Yasuda, K.: HBS: a single-key mode of operation for deterministic authenticated encryption. In: Dunkelman, O. (ed.) FSE 2009. LNCS, vol. 5665, pp. 394–415. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03317-9_24
  13. Krovetz, T., Rogaway, P.: The software performance of authenticated-encryption modes. In: Joux, A. (ed.) FSE 2011. LNCS, vol. 6733, pp. 306–327. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-21702-9_18
  14. Lampe, R., Seurin, Y.: Tweakable blockciphers with asymptotically optimal security. In: Moriai, S. (ed.) FSE 2013. LNCS, vol. 8424, pp. 133–151. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-43933-3_8
  15. Landecker, W., Shrimpton, T., Terashima, R.S.: Tweakable blockciphers with beyond birthday-bound security. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 14–30. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32009-5_2
  16. Liskov, M., Rivest, R.L., Wagner, D.: Tweakable block ciphers. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 31–46. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45708-9_3
  17. Lucks, S.: The sum of PRPs is a secure PRF. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 470–484. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-45539-6_34
  18. Mennink, B., Reyhanitabar, R., Vizár, D.: Security of full-state keyed sponge and duplex: applications to authenticated encryption. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015, Part II. LNCS, vol. 9453, pp. 465–489. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48800-3_19
  19. Minematsu, K.: Beyond-birthday-bound security based on tweakable block cipher. In: Dunkelman, O. (ed.) FSE 2009. LNCS, vol. 5665, pp. 308–326. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03317-9_19
  20. Minematsu, K.: Parallelizable rate-1 authenticated encryption from pseudorandom functions. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 275–292. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-55220-5_16
  21. Naito, Y.: Tweakable blockciphers for efficient authenticated encryptions with beyond the birthday-bound security. ePrint 2017/466 and IACR Trans. Symmetric Cryptol. 2017(2), 1–26 (2017)
  22. Patarin, J.: Security of random Feistel schemes with 5 or more rounds. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 106–122. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-28628-8_7
  23. Patarin, J.: Introduction to mirror theory: analysis of systems of linear equalities and linear non equalities for cryptography. IACR Cryptology ePrint Archive 2010, 287 (2010)
  24. Rogaway, P.: Authenticated-encryption with associated-data. In: Proceedings of the 9th ACM Conference on Computer and Communications Security, CCS 2002, Washington, DC, USA, 18–22 November 2002, pp. 98–107 (2002)
  25. Rogaway, P.: Efficient instantiations of tweakable blockciphers and refinements to modes OCB and PMAC. In: Lee, P.J. (ed.) ASIACRYPT 2004. LNCS, vol. 3329, pp. 16–31. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-30539-2_2
  26. Rogaway, P., Bellare, M., Black, J., Krovetz, T.: OCB: a block-cipher mode of operation for efficient authenticated encryption. In: Proceedings of the 8th ACM Conference on Computer and Communications Security, CCS 2001, Philadelphia, Pennsylvania, USA, 6–8 November 2001, pp. 196–205 (2001)
  27. Wang, L., Guo, J., Zhang, G., Zhao, J., Gu, D.: How to build fully secure tweakable blockciphers from classical blockciphers. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016, Part I. LNCS, vol. 10031, pp. 455–483. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53887-6_17

Acknowledgments

We would like to thank Atul Luykx for his comments and suggestions.

Author information

Corresponding author: Yusuke Naito.

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper


Cite this paper

Naito, Y. (2019). Improved XKX-Based AEAD Scheme: Removing the Birthday Terms. In: Lange, T., Dunkelman, O. (eds) Progress in Cryptology – LATINCRYPT 2017. LATINCRYPT 2017. Lecture Notes in Computer Science, vol 11368. Springer, Cham. https://doi.org/10.1007/978-3-030-25283-0_13

  • DOI: https://doi.org/10.1007/978-3-030-25283-0_13

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-25282-3

  • Online ISBN: 978-3-030-25283-0
