Abstract
In this paper, we present a generic construction of a secure tweakable block cipher from a secure block cipher. Our construction is very natural, requiring four calls to the underlying block cipher for each call of the tweakable block cipher. Moreover, it is provably secure in the standard model while keeping the security degradation minimal in the multi-user setting. In more detail, if the underlying block cipher E uses n-bit blocks and 2n-bit keys, then our construction is proven secure against multi-user adversaries using up to roughly \(2^n\) time and queries, as long as E is a secure block cipher.
Notes
It is still possible to study Mennink’s constructions in the standard model; however, the result would then have to rely on the security of the underlying block cipher against some family of related-key attacks.
This also holds in the multi-user setting as long as the set of users is small enough.
Note that the first term involves the number u of users in order to capture Biham’s multi-user key-search attack.
That is with respect to \(\mathsf {D}\).
References
Andreeva E., Bogdanov A., Luykx A., Mennink B., Tischhauser E., Yasuda K.: Parallelizable and authenticated online ciphers. In: Sako K., Sarkar P., (eds.) Advances in Cryptology—ASIACRYPT 2013 (Proceedings, Part I), LNCS, vol. 8269, pp. 424–443. Springer (2013).
Boldyreva A., Micali S.: Public-Key Encryption in a Multi-user Setting: Security Proofs and Improvements, pp. 259–274. Springer, Berlin (2000).
Bellare M., Rogaway P.: Introduction to modern cryptography, pseudorandom functions (2005). http://cseweb.ucsd.edu/~mihir/cse207/classnotes.html.
Bhattacharya S., Nandi M.: Full indifferentiable security of the xor of two or more random permutations using the chi-squared method. In: Advances in Cryptology—EUROCRYPT 2018: 37th Annual International Cryptology Conference, Tel-Aviv, Israel, Cham, 2018. Springer (2018).
Bhattacharya S., Nandi M.: A note on the chi-square method: a tool for proving cryptographic security. Cryptogr. Commun. (2018).
Biham E.: How to decrypt or even substitute DES-encrypted messages in \(2^{28}\) steps. Inf. Process. Lett. 84(3), 117–124 (2002).
Chakraborty D., Sarkar P.: A general construction of tweakable block ciphers and different modes of operations. In: Lipmaa H., Yung M., Lin D. (eds.) Information Security and Cryptology—Inscrypt 2006, LNCS, vol. 4318, pp. 88–102. Springer (2006).
Chen S., Steinberger J.: Tight Security Bounds for Key-Alternating Ciphers. In: Nguyen P.Q., Oswald E., (eds.) Advances in Cryptology—EUROCRYPT 2014, LNCS, vol. 8441, pp. 327–350. Springer (2014). Full version available at http://eprint.iacr.org/2013/222.
Cogliati B., Lampe R., Seurin Y.: Tweaking Even-Mansour ciphers. In: Gennaro R., Robshaw M., (eds.) Advances in Cryptology—CRYPTO 2015 (Proceedings, Part I), LNCS, vol. 9215, pp. 189–208. Springer (2015). Full version available at http://eprint.iacr.org/2015/539.
Cogliati B., Seurin Y.: Beyond-birthday-bound security for tweakable Even-Mansour ciphers with linear tweak and key mixing. In: Advances in Cryptology—ASIACRYPT 2015—21st International Conference on the Theory and Application of Cryptology and Information Security, Auckland, New Zealand, November 29–December 3, 2015, Proceedings, Part II, Lecture Notes in Computer Science, vol. 9453, pp. 134–158. Springer (2015).
Cogliati B., Seurin Y.: On the provable security of the iterated Even-Mansour cipher against related-key and chosen-key attacks. In: Oswald E., Fischlin M., (eds.) Advances in Cryptology—EUROCRYPT 2015—Proceedings, Part I, LNCS, vol. 9056, pp. 584–613. Springer (2015). Full version available at http://eprint.iacr.org/2015/069.
Crowley P.: Mercy: a fast large block cipher for disk sector encryption. In: Schneier B., (ed.) Fast Software Encryption—FSE 2000, LNCS, vol. 1978, pp. 49–63. Springer (2000).
Dai W., Hoang V.T., Tessaro S.: Information-theoretic indistinguishability via the chi-squared method. In: Katz J., Shacham H., (eds.) Advances in Cryptology—CRYPTO 2017, pp. 497–523. Springer, Cham (2017).
Even S., Mansour Y.: A construction of a cipher from a single pseudorandom permutation. J. Cryptol. 10(3), 151–162 (1997).
Ferguson N., Lucks S., Schneier B., Whiting D., Bellare M., Kohno T., Callas J., Walker J.: The Skein Hash Function Family. SHA3 Submission to NIST (Round 3) (2010).
Goldenberg D., Hohenberger S., Liskov M., Schwartz E.C., Seyalioglu H.: On tweaking Luby–Rackoff blockciphers. In: Kurosawa K., (ed.) Advances in Cryptology—ASIACRYPT 2007, LNCS, vol. 4833, pp. 342–356. Springer (2007).
Granger R., Jovanovic P., Mennink B., Neves S.: Improved masking for tweakable blockciphers with applications to authenticated encryption. In: Advances in Cryptology—EUROCRYPT 2016—35th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Vienna, Austria, 8–12 May 2016, Proceedings, Part I, pp. 263–293 (2016).
Halevi S., Rogaway P.: A tweakable enciphering mode. In: Boneh D., (ed.) Advances in Cryptology—CRYPTO 2003, LNCS, vol. 2729, pp. 482–499. Springer (2003).
Halevi S., Rogaway P.: A parallelizable enciphering mode. In: Okamoto T., (ed.) Topics in Cryptology—CT-RSA 2004, LNCS, vol. 2964, pp. 292–304. Springer (2004).
Hoang V.T., Tessaro S.: Key-alternating ciphers and key-length extension: exact bounds and multi-user security. In: Robshaw M., Katz J., (eds.) Advances in Cryptology—CRYPTO 2016 (Proceedings, Part I), LNCS, vol. 9814, pp. 3–32. Springer (2016).
Iwata T., Mennink B., Vizár D.: CENC is optimally secure. IACR Cryptol. ePrint Arch. 2016, 1087 (2016).
Jean J., Nikolic I., Peyrin T.: Tweaks and keys for block ciphers: the TWEAKEY framework. In: Sarkar P., Iwata T., (eds.) Advances in Cryptology—ASIACRYPT 2014 (Proceedings, Part II), LNCS, vol. 8874, pp. 274–288. Springer (2014).
Kurosawa K.: Power of a public random permutation and its application to authenticated encryption. IEEE Trans. Inf. Theory 56(10), 5366–5374 (2010).
Lampe R., Seurin Y.: Security analysis of key-alternating Feistel ciphers. In: Cid C., Rechberger C., (eds.) Fast Software Encryption—FSE 2014, LNCS, vol. 8540, pp. 243–264. Springer (2014).
Landecker W., Shrimpton T., Terashima R.S.: Tweakable blockciphers with beyond birthday-bound security. In: Safavi-Naini R., Canetti R., (eds.) Advances in Cryptology—CRYPTO 2012, LNCS, vol. 7417, pp. 14–30. Springer (2012). Full version available at http://eprint.iacr.org/2012/450.
Lee J., Luykx A., Mennink B., Minematsu K.: Connecting tweakable and multi-key blockcipher security. Des. Codes Cryptogr. (2017).
Liskov M., Rivest R.L., Wagner D.: Tweakable block ciphers. In: Yung M., (ed.) Advances in Cryptology—CRYPTO 2002, LNCS, vol. 2442, pp. 31–46. Springer (2002).
Luykx A., Mennink B., Paterson K.G.: Analyzing multi-key security degradation. Cryptology ePrint Archive, Report 2017/435 (2017). https://eprint.iacr.org/2017/435.
Mennink B.: Optimally secure tweakable blockciphers. In: Leander G. (ed.) Fast Software Encryption—FSE 2015, LNCS, vol. 9054, pp. 428–448. Springer (2015). Full version available at http://eprint.iacr.org/2015/363.
Mennink B.: XPX: Generalized tweakable Even-Mansour with improved security guarantees. In: Advances in Cryptology—CRYPTO 2016—Proceedings, LNCS. Springer (2016) (To appear).
Mennink B.: Insuperability of the Standard Versus Ideal Model Gap for Tweakable Blockcipher Security, pp. 708–732. Springer, Cham (2017).
Minematsu K.: Improved security analysis of XEX and LRW modes. In: Biham E., Youssef A.M., (eds.) Selected Areas in Cryptography—SAC 2006, LNCS, vol. 4356, pp. 96–113. Springer (2006).
Minematsu K.: Beyond-birthday-bound security based on tweakable block cipher. In: Dunkelman O., (ed.) Fast Software Encryption—FSE 2009, LNCS, vol. 5665, pp. 308–326. Springer (2009).
Mitsuda A., Iwata T.: Tweakable pseudorandom permutation from generalized Feistel structure. In: Baek J., Bao F., Chen K., Lai X., (eds.) ProvSec 2008, LNCS, vol. 5324, pp. 22–37. Springer (2008).
Mouha N., Luykx A.: Multi-key Security: The Even-Mansour Construction Revisited, pp. 209–223. Springer, Berlin (2015).
Naito Y.: Tweakable blockciphers for efficient authenticated encryptions with beyond the birthday-bound security. IACR Trans. Symmetric Cryptol. 2017(2), 1–26 (2017).
Patarin J.: A proof of security in \(O(2^n)\) for the Xor of two random permutations. In: Safavi-Naini R., (ed.) Information Theoretic Security—ICITS 2008, LNCS, vol. 5155, pp. 232–248. Springer (2008). Full version available at http://eprint.iacr.org/2008/010.
Patarin J.: The “coefficients H” technique. In: Avanzi R.M., Keliher L., Sica F., (eds.) Selected Areas in Cryptography—SAC 2008, LNCS, vol. 5381, pp. 328–345. Springer (2008).
Patarin J.: Introduction to mirror theory: analysis of systems of linear equalities and linear non equalities for cryptography. IACR Cryptol. ePrint Arch. 2010, 287 (2010).
Patarin J.: Security of balanced and unbalanced Feistel schemes with linear non equalities (2010). http://eprint.iacr.org/2010/293.
Patarin J., Montreuil A.: Benes and butterfly schemes revisited. In: Proceedings of the 8th International Conference on Information Security and Cryptology, ICISC’05, pp. 92–116. Springer, Berlin (2006).
Procter G.: A note on the CLRW2 tweakable block cipher construction. IACR Cryptol. ePrint Arch. Report 2014/111 (2014). http://eprint.iacr.org/2014/111.
Rogaway P.: Efficient instantiations of tweakable blockciphers and refinements to modes OCB and PMAC. In: Lee P.J. (ed.) Advances in Cryptology—ASIACRYPT 2004, LNCS, vol. 3329, pp. 16–31. Springer (2004).
Rogaway P., Bellare M., Black J.: OCB: A block-cipher mode of operation for efficient authenticated encryption. ACM Trans. Inf. Syst. Secur. 6(3), 365–403 (2003).
Rogaway P., Zhang H.: Online ciphers from tweakable blockciphers. In: Kiayias A. (ed.) Topics in Cryptology—CT-RSA 2011, LNCS, vol. 6558, pp. 237–249. Springer (2011).
Sasaki Yu., Todo Y., Aoki K., Naito Y., Sugawara T., Murakami Y., Matsui M., Hirose S.: Minalpher v1. Submission to the CAESAR competition (2014).
Schroeppel R.: The Hasty Pudding Cipher. AES submission to NIST (1998).
Tessaro S.: Optimally Secure Block Ciphers from Ideal Primitives, pp. 437–462. Springer, Berlin (2015).
Wang L., Guo J., Zhang G., Zhao J., Gu D.: How to Build Fully Secure Tweakable Blockciphers from Classical Blockciphers, pp. 455–483. Springer Berlin Heidelberg, Berlin, Heidelberg (2016).
Acknowledgements
This work has been supported in part by the European Union's H2020 Programme under grant agreement number ICT-644209. We would also like to thank the reviewers from Designs, Codes and Cryptography for their helpful comments.
Additional information
Communicated by T. Iwata.
Cogliati, B. Tweaking a block cipher: multi-user beyond-birthday-bound security in the standard model. Des. Codes Cryptogr. 86, 2747–2763 (2018). https://doi.org/10.1007/s10623-018-0471-8