
Tweaking a block cipher: multi-user beyond-birthday-bound security in the standard model

Published in: Designs, Codes and Cryptography

Abstract

In this paper, we present a generic construction that turns a secure block cipher into a secure tweakable block cipher. The construction is very natural, requiring four calls to the underlying block cipher for each call of the tweakable block cipher. Moreover, it is provably secure in the standard model while keeping the security degradation minimal in the multi-user setting. More precisely, if the underlying block cipher E uses n-bit blocks and 2n-bit keys, then our construction is proven secure against multi-user adversaries with up to roughly \(2^n\) time and queries, as long as E is a secure block cipher.
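To make the notion concrete, the following is an added example, not the paper's construction and not code from the author: it implements the two-call LRW1 tweakable block cipher of Liskov, Rivest and Wagner [27], \(\tilde{E}_K(T, M) = E_K(T \oplus E_K(M))\), whose proof only reaches the birthday bound of roughly \(2^{n/2}\) queries, in contrast with the four-call, roughly \(2^n\)-secure construction the abstract describes. The underlying block cipher is an assumed toy stand-in (a 4-round Feistel network with HMAC-SHA256 round functions) chosen only so the code runs offline with the standard library; it mirrors the abstract's parameters of n = 128-bit blocks and 2n = 256-bit keys, and a real deployment would use a cipher such as AES-256 in its place. Function names, the key-derivation label and the sample key are all constructed for this example.

```python
"""LRW1 tweakable block cipher over a toy Feistel block cipher (added example).

Not the paper's construction: LRW1 [27] uses two block cipher calls per
tweakable call and is only birthday-bound secure. The Feistel cipher below
is an assumed stand-in for a real n-bit / 2n-bit-key cipher such as AES-256.
"""
import hashlib
import hmac
import os

BLOCK_BYTES = 16           # n = 128-bit block
KEY_BYTES = 32             # 2n = 256-bit key, as in the abstract's setting
HALF = BLOCK_BYTES // 2    # Feistel half-block size
ROUNDS = 4


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round_key(key: bytes, i: int) -> bytes:
    # Toy key schedule: derive one independent round key per round from the 2n-bit key.
    return hmac.new(key, b"lrw1-example-round-key" + bytes([i]), hashlib.sha256).digest()


def _f(round_key: bytes, half: bytes) -> bytes:
    # Keyed round function: HMAC-SHA256 truncated to one half-block (n/2 bits).
    return hmac.new(round_key, half, hashlib.sha256).digest()[:HALF]


def bc_encrypt(key: bytes, block: bytes) -> bytes:
    """Toy block cipher E_K: an n-bit permutation keyed by a 2n-bit key."""
    if len(key) != KEY_BYTES or len(block) != BLOCK_BYTES:
        raise ValueError("key must be 2n bits and block n bits")
    left, right = block[:HALF], block[HALF:]
    for i in range(ROUNDS):
        left, right = right, _xor(left, _f(_round_key(key, i), right))
    return left + right


def bc_decrypt(key: bytes, block: bytes) -> bytes:
    """Inverse permutation E_K^{-1}: undo the Feistel rounds in reverse order."""
    if len(key) != KEY_BYTES or len(block) != BLOCK_BYTES:
        raise ValueError("key must be 2n bits and block n bits")
    left, right = block[:HALF], block[HALF:]
    for i in reversed(range(ROUNDS)):
        left, right = _xor(right, _f(_round_key(key, i), left)), left
    return left + right


def tbc_encrypt(key: bytes, tweak: bytes, block: bytes) -> bytes:
    """LRW1: E~_K(T, M) = E_K(T xor E_K(M)); two block cipher calls per tweakable call."""
    if len(tweak) != BLOCK_BYTES:
        raise ValueError("tweak must be n bits")
    return bc_encrypt(key, _xor(tweak, bc_encrypt(key, block)))


def tbc_decrypt(key: bytes, tweak: bytes, block: bytes) -> bytes:
    """Inverse of LRW1: M = E_K^{-1}(T xor E_K^{-1}(C))."""
    if len(tweak) != BLOCK_BYTES:
        raise ValueError("tweak must be n bits")
    return bc_decrypt(key, _xor(tweak, bc_decrypt(key, block)))


def query_budgets(n_bits: int = 8 * BLOCK_BYTES) -> tuple:
    """(birthday bound ~2^(n/2), beyond-birthday bound ~2^n) query counts for block size n.

    The first is where a proof like LRW1's stops giving guarantees; the second is
    the level the abstract's construction reaches in the multi-user setting.
    """
    return (1 << (n_bits // 2), 1 << n_bits)


if __name__ == "__main__":
    key = os.urandom(KEY_BYTES)             # constructed sample key
    msg = b"sixteen byte msg"               # constructed sample block
    t0, t1 = bytes(BLOCK_BYTES), b"\x01" + bytes(BLOCK_BYTES - 1)
    c0, c1 = tbc_encrypt(key, t0, msg), tbc_encrypt(key, t1, msg)
    print("round trip ok:", tbc_decrypt(key, t0, c0) == msg)
    print("tweaks separate outputs:", c0 != c1)
    print("query budgets (2^(n/2), 2^n):", query_budgets())
```

Because \(E_K\) is a permutation, two distinct tweaks on the same message always give distinct ciphertexts under the same key, which the stand-alone run checks; the interesting security question, and the one the abstract's bound is about, is how many queries an adversary may make before the construction becomes distinguishable from a family of independent random permutations indexed by the tweak.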


Notes

  1. It is still possible to study Mennink’s constructions in the standard model; however, the result would then have to rely on the security of the underlying block cipher against some family of related-key attacks.

  2. This also holds in the multi-user setting as long as the set of users is small enough.

  3. Note that the first term involves the number u of users in order to capture Biham’s multi-user key search attack.

  4. If we consider the multi-user setting, the multi-user key search attack [6] mitigates the impact of the related-key attack from [31] as the number of distinct users grows to the number of adversarial queries.

  5. That is with respect to \(\mathsf {D}\).

References

  1. Andreeva E., Bogdanov A., Luykx A., Mennink B., Tischhauser E., Yasuda K.: Parallelizable and authenticated online ciphers. In: Sako K., Sarkar P., (eds.) Advances in Cryptology—ASIACRYPT 2013 (Proceedings, Part I), LNCS, vol. 8269, pp. 424–443. Springer (2013).

  2. Boldyreva A., Micali S.: Public-key encryption in a multi-user setting: security proofs and improvements, pp. 259–274. Springer, Berlin (2000).

  3. Bellare M., Rogaway P.: Introduction to modern cryptography, pseudorandom functions (2005). http://cseweb.ucsd.edu/~mihir/cse207/classnotes.html.

  4. Bhattacharya S., Nandi M.: Full indifferentiable security of the xor of two or more random permutations using the chi-squared method. In: Advances in Cryptology—EUROCRYPT 2018: 37th Annual International Cryptology Conference, Tel-Aviv, Israel. Springer, Cham (2018).

  5. Bhattacharya S., Nandi M.: A note on the chi-square method: a tool for proving cryptographic security. Cryptogr. Commun. (2018).

  6. Biham E.: How to decrypt or even substitute DES-encrypted messages in \(2^{28}\) steps. Inf. Process. Lett. 84(3), 117–124 (2002).

  7. Chakraborty D., Sarkar P.: A general construction of tweakable block ciphers and different modes of operations. In: Lipmaa H., Yung M., Lin D. (eds.) Information Security and Cryptology—Inscrypt 2006, LNCS, vol. 4318, pp. 88–102. Springer (2006).

  8. Chen S., Steinberger J.: Tight Security Bounds for Key-Alternating Ciphers. In: Nguyen P.Q., Oswald E., (eds.) Advances in Cryptology—EUROCRYPT 2014, LNCS, vol. 8441, pp. 327–350. Springer (2014). Full version available at http://eprint.iacr.org/2013/222.

  9. Cogliati B., Lampe R., Seurin Y.: Tweaking Even–Mansour ciphers. In: Gennaro R., Robshaw M., (eds.) Advances in Cryptology—CRYPTO 2015 (Proceedings, Part I), LNCS, vol. 9215, pp. 189–208. Springer (2015). Full version available at http://eprint.iacr.org/2015/539.

  10. Cogliati B., Seurin Y.: Beyond-birthday-bound security for tweakable Even–Mansour ciphers with linear tweak and key mixing. In: Advances in Cryptology—ASIACRYPT 2015—21st International Conference on the Theory and Application of Cryptology and Information Security, Auckland, New Zealand, November 29–December 3, 2015, Proceedings, Part II, LNCS, vol. 9453, pp. 134–158. Springer (2015).

  11. Cogliati B., Seurin Y.: On the provable security of the iterated Even–Mansour cipher against related-key and chosen-key attacks. In: Oswald E., Fischlin M., (eds.) Advances in Cryptology—EUROCRYPT 2015—Proceedings, Part I, LNCS, vol. 9056, pp. 584–613. Springer (2015). Full version available at http://eprint.iacr.org/2015/069.

  12. Crowley P.: Mercy: a fast large block cipher for disk sector encryption. In: Schneier B., (ed.) Fast Software Encryption—FSE 2000, LNCS, vol. 1978, pp. 49–63. Springer (2000).

  13. Dai W., Hoang V.T., Tessaro S.: Information-theoretic indistinguishability via the chi-squared method. In: Katz J., Shacham H., (eds.) Advances in Cryptology—CRYPTO 2017, pp. 497–523. Springer, Cham (2017).

  14. Even S., Mansour Y.: A construction of a cipher from a single pseudorandom permutation. J. Cryptol. 10(3), 151–162 (1997).

  15. Ferguson N., Lucks S., Schneier B., Whiting D., Bellare M., Kohno T., Callas J., Walker J.: The Skein Hash Function Family. SHA3 Submission to NIST (Round 3) (2010).

  16. Goldenberg D., Hohenberger S., Liskov M., Schwartz E.C., Seyalioglu, H.: On tweaking Luby–Rackoff blockciphers. In: Kurosawa K., (ed.) Advances in Cryptology—ASIACRYPT 2007, LNCS, vol. 4833, pp. 342–356. Springer (2007).

  17. Granger R., Jovanovic P., Mennink B., Neves S.: Improved masking for tweakable blockciphers with applications to authenticated encryption. In: Advances in Cryptology—EUROCRYPT 2016—35th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Vienna, Austria, 8–12 May 2016, Proceedings, Part I, pp. 263–293 (2016).

  18. Halevi S., Rogaway P.: A tweakable enciphering mode. In: Boneh D., (ed.) Advances in Cryptology—CRYPTO 2003, LNCS, vol. 2729, pp. 482–499. Springer (2003).

  19. Halevi S., Rogaway P.: A parallelizable enciphering mode. In: Okamoto T., (ed.) Topics in Cryptology—CT-RSA 2004, LNCS, vol. 2964, pp. 292–304. Springer (2004).

  20. Hoang V.T., Tessaro S.: Key-alternating ciphers and key-length extension: exact bounds and multi-user security. In: Robshaw M., Katz J., (eds.) Advances in Cryptology—CRYPTO 2016 (Proceedings, Part I), LNCS, vol. 9814, pp. 3–32. Springer (2016).

  21. Iwata T., Mennink B., Vizár D.: CENC is optimally secure. IACR Cryptol. ePrint Arch. 2016, 1087 (2016).

  22. Jean J., Nikolic I., Peyrin T.: Tweaks and keys for block ciphers: the TWEAKEY framework. In: Sarkar P., Iwata T., (eds.) Advances in Cryptology—ASIACRYPT 2014 (Proceedings, Part II), LNCS, vol. 8874, pp. 274–288. Springer (2014).

  23. Kurosawa K.: Power of a public random permutation and its application to authenticated encryption. IEEE Trans. Inf. Theory 56(10), 5366–5374 (2010).

  24. Lampe R., Seurin Y.: Security analysis of key-alternating Feistel ciphers. In: Cid C., Rechberger C., (eds.) Fast Software Encryption—FSE 2014, LNCS, vol. 8540, pp. 243–264. Springer (2014).

  25. Landecker W., Shrimpton T., Terashima R.S.: Tweakable blockciphers with beyond birthday-bound security. In: Safavi-Naini R., Canetti R., (eds.) Advances in Cryptology—CRYPTO 2012, LNCS, vol. 7417, pp. 14–30. Springer (2012). Full version available at http://eprint.iacr.org/2012/450.

  26. Lee J., Luykx A., Mennink B., Minematsu K.: Connecting tweakable and multi-key blockcipher security. Des. Codes Cryptogr. (2017).

  27. Liskov M., Rivest R.L., Wagner D.: Tweakable block ciphers. In: Yung M., (ed.) Advances in Cryptology—CRYPTO 2002, LNCS, vol. 2442, pp. 31–46. Springer (2002).

  28. Luykx A., Mennink B., Paterson K.G.: Analyzing multi-key security degradation. Cryptology ePrint Archive, Report 2017/435 (2017). https://eprint.iacr.org/2017/435.

  29. Mennink B.: Optimally secure tweakable blockciphers. In: Leander G. (ed.) Fast Software Encryption—FSE 2015, LNCS, vol. 9054, pp. 428–448. Springer (2015). Full version available at http://eprint.iacr.org/2015/363.

  30. Mennink B.: XPX: generalized tweakable Even–Mansour with improved security guarantees. In: Advances in Cryptology—CRYPTO 2016—Proceedings, LNCS. Springer (2016) (to appear).

  31. Mennink B.: Insuperability of the standard versus ideal model gap for tweakable blockcipher security, pp. 708–732. Springer, Cham (2017).

  32. Minematsu K.: Improved security analysis of XEX and LRW modes. In: Biham E., Youssef A.M., (eds.) Selected Areas in Cryptography—SAC 2006, LNCS, vol. 4356, pp. 96–113. Springer (2006).

  33. Minematsu K.: Beyond-birthday-bound security based on tweakable block cipher. In: Dunkelman O., (ed.) Fast Software Encryption—FSE 2009, LNCS, vol. 5665, pp. 308–326. Springer (2009).

  34. Mitsuda A., Iwata T.: Tweakable pseudorandom permutation from generalized Feistel structure. In: Baek J., Bao F., Chen K., Lai X., (eds.) ProvSec 2008, LNCS, vol. 5324, pp. 22–37. Springer (2008).

  35. Mouha N., Luykx A.: Multi-key security: the Even–Mansour construction revisited, pp. 209–223. Springer, Berlin (2015).

  36. Naito Y.: Tweakable blockciphers for efficient authenticated encryptions with beyond the birthday-bound security. IACR Trans. Symmetric Cryptol. 2017(2), 1–26 (2017).

  37. Patarin J.: A proof of security in \(O(2^n)\) for the Xor of two random permutations. In: Safavi-Naini R., (ed.) Information Theoretic Security—ICITS 2008, LNCS, vol. 5155, pp. 232–248. Springer (2008). Full version available at http://eprint.iacr.org/2008/010.

  38. Patarin J.: The “coefficients H” technique. In: Avanzi R.M., Keliher L., Sica F., (eds.) Selected Areas in Cryptography—SAC 2008, LNCS, vol. 5381, pp. 328–345. Springer (2008).

  39. Patarin J.: Introduction to mirror theory: analysis of systems of linear equalities and linear non equalities for cryptography. IACR Cryptol. ePrint Arch. 2010, 287 (2010).

  40. Patarin J.: Security of balanced and unbalanced Feistel schemes with linear non equalities (2010). http://eprint.iacr.org/2010/293.

  41. Patarin J., Montreuil A.: Benes and butterfly schemes revisited. In: Proceedings of the 8th International Conference on Information Security and Cryptology, ICISC’05, pp. 92–116. Springer, Berlin (2006).

  42. Procter G.: A note on the CLRW2 tweakable block cipher construction. IACR Cryptol. ePrint Arch. Report 2014/111 (2014). http://eprint.iacr.org/2014/111.

  43. Rogaway P.: Efficient instantiations of tweakable blockciphers and refinements to modes OCB and PMAC. In: Lee P.J. (ed.) Advances in Cryptology—ASIACRYPT 2004, LNCS, vol. 3329, pp. 16–31. Springer (2004).

  44. Rogaway P., Bellare M., Black J.: OCB: a block-cipher mode of operation for efficient authenticated encryption. ACM Trans. Inf. Syst. Secur. 6(3), 365–403 (2003).

  45. Rogaway P., Zhang H.: Online ciphers from tweakable blockciphers. In: Kiayias A. (ed.) Topics in Cryptology—CT-RSA 2011, LNCS, vol. 6558, pp. 237–249. Springer (2011).

  46. Sasaki Y., Todo Y., Aoki K., Naito Y., Sugawara T., Murakami Y., Matsui M., Hirose S.: Minalpher v1. Submission to the CAESAR competition (2014).

  47. Schroeppel R.: The Hasty Pudding Cipher. AES submission to NIST (1998).

  48. Tessaro S.: Optimally secure block ciphers from ideal primitives, pp. 437–462. Springer, Berlin (2015).

  49. Wang L., Guo J., Zhang G., Zhao J., Gu D.: How to build fully secure tweakable blockciphers from classical blockciphers, pp. 455–483. Springer, Berlin, Heidelberg (2016).

Acknowledgements

This work has been supported in part by the European Union's H2020 Programme under grant agreement number ICT-644209. We would also like to thank the reviewers from Designs, Codes and Cryptography for their helpful comments.


Correspondence to Benoît Cogliati.

Additional information

Communicated by T. Iwata.


Cogliati, B. Tweaking a block cipher: multi-user beyond-birthday-bound security in the standard model. Des. Codes Cryptogr. 86, 2747–2763 (2018). https://doi.org/10.1007/s10623-018-0471-8
