Tweak-Length Extension for Tweakable Blockciphers

نویسندگان

  • Kazuhiko Minematsu
  • Tetsu Iwata
چکیده

Tweakable blockcipher (TBC) is an extension of standard blockcipher introduced by Liskov, Rivest and Wagner in 2002. TBC is a versatile building block for efficient symmetric-key cryptographic functions, such as authenticated encryption. In this paper we study the problem of extending tweak of a given TBC of fixed-length tweak, which is a variant of popular problem of converting a blockcipher into a TBC, i.e., blockcipher mode of operation. The problem is particularly important for known dedicated TBCs since they have relatively short tweak. We propose a simple and efficient solution, called XTX, for this problem. XTX converts a TBC of fixed-length tweak into another TBC of arbitrarily long tweak, by extending the scheme of Liskov, Rivest andWagner that converts a blockcipher into a TBC. Given a TBC of n-bit block and m-bit tweak, XTX provides (n+m)/2-bit security while conventional methods provide n/2 or m/2-bit security. We also show that XTX is even useful when combined with some blockcipher modes for building TBC having security beyond the birthday bound.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

On Tweaking Luby-Rackoff Blockciphers

Tweakable blockciphers, first formalized by Liskov, Rivest, and Wagner [12], are blockciphers with an additional input, the tweak, which allows for variability. An open problem proposed by Liskov et al. is how to construct tweakable blockciphers without using a pre-existing blockcipher. There are many natural questions in this area: is it significantly more efficient to incorporate a tweak dire...

متن کامل

How to Build Fully Secure Tweakable Blockciphers from Classical Blockciphers

This paper focuses on building a tweakable blockcipher from a classical blockcipher whose input and output wires all have a size of n bits. The main goal is to achieve full 2 security. Such a tweakable blockcipher was proposed by Mennink at FSE’15, and it is also the only tweakable blockcipher so far that claimed full 2 security to our best knowledge. However, we find a key-recovery attack on M...

متن کامل

Insuperability of the Standard Versus Ideal Model Gap for Tweakable Blockcipher Security

Two types of tweakable blockciphers based on classical blockciphers have been presented over the last years: non-tweak-rekeyable and tweak-rekeyable, depending on whether the tweak may influence the key input to the underlying blockcipher. In the former direction, the best possible security is conjectured to be 2, where n is the size of the blockcipher and σ is the number of blockcipher calls. ...

متن کامل

Optimally Secure Tweakable Blockciphers

We consider the generic design of a tweakable blockcipher from one or more evaluations of a classical blockcipher, in such a way that all input and output wires are of size n bits. As a first contribution, we show that any tweakable blockcipher with one primitive call and arbitrary linear preand postprocessing functions can be distinguished from an ideal one with an attack complexity of about 2...

متن کامل

Efficient Instantiations of Tweakable Blockciphers and Refinements to Modes OCB and PMAC

We describe highly efficient constructions, XE and XEX, that turn a blockcipher E: K ×{0, 1} → {0, 1} into a tweakable blockcipher Ẽ: K × T × {0, 1} → {0, 1} having tweakspace T = {0, 1} × I where I is a set of tuples of integers such as I = [1 .. 2] × [0 .. 10].When tweak T is obtained from tweak S by incrementing one if its numerical components,the cost to compute ẼK(M...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:
  • IACR Cryptology ePrint Archive

دوره 2015  شماره 

صفحات  -

تاریخ انتشار 2015