Tweak-Length Extension for Tweakable Blockciphers
Authors
Abstract
A tweakable blockcipher (TBC) is an extension of the standard blockcipher, introduced by Liskov, Rivest and Wagner in 2002. TBC is a versatile building block for efficient symmetric-key cryptographic functions, such as authenticated encryption. In this paper we study the problem of extending the tweak of a given TBC with a fixed-length tweak, which is a variant of the popular problem of converting a blockcipher into a TBC, i.e., a blockcipher mode of operation. The problem is particularly important for known dedicated TBCs since they have relatively short tweaks. We propose a simple and efficient solution, called XTX, for this problem. XTX converts a TBC with a fixed-length tweak into another TBC with an arbitrarily long tweak, by extending the scheme of Liskov, Rivest and Wagner that converts a blockcipher into a TBC. Given a TBC with an n-bit block and m-bit tweak, XTX provides (n+m)/2-bit security while conventional methods provide n/2 or m/2-bit security. We also show that XTX is even useful when combined with some blockcipher modes for building a TBC having security beyond the birthday bound.
Similar resources
On Tweaking Luby-Rackoff Blockciphers
Tweakable blockciphers, first formalized by Liskov, Rivest, and Wagner [12], are blockciphers with an additional input, the tweak, which allows for variability. An open problem proposed by Liskov et al. is how to construct tweakable blockciphers without using a pre-existing blockcipher. There are many natural questions in this area: is it significantly more efficient to incorporate a tweak dire...
How to Build Fully Secure Tweakable Blockciphers from Classical Blockciphers
This paper focuses on building a tweakable blockcipher from a classical blockcipher whose input and output wires all have a size of n bits. The main goal is to achieve full 2 security. Such a tweakable blockcipher was proposed by Mennink at FSE’15, and it is also the only tweakable blockcipher so far that claimed full 2 security to our best knowledge. However, we find a key-recovery attack on M...
Insuperability of the Standard Versus Ideal Model Gap for Tweakable Blockcipher Security
Two types of tweakable blockciphers based on classical blockciphers have been presented over the last years: non-tweak-rekeyable and tweak-rekeyable, depending on whether the tweak may influence the key input to the underlying blockcipher. In the former direction, the best possible security is conjectured to be 2, where n is the size of the blockcipher and σ is the number of blockcipher calls. ...
Optimally Secure Tweakable Blockciphers
We consider the generic design of a tweakable blockcipher from one or more evaluations of a classical blockcipher, in such a way that all input and output wires are of size n bits. As a first contribution, we show that any tweakable blockcipher with one primitive call and arbitrary linear pre- and postprocessing functions can be distinguished from an ideal one with an attack complexity of about 2...
Efficient Instantiations of Tweakable Blockciphers and Refinements to Modes OCB and PMAC
We describe highly efficient constructions, XE and XEX, that turn a blockcipher E: K ×{0, 1} → {0, 1} into a tweakable blockcipher Ẽ: K × T × {0, 1} → {0, 1} having tweakspace T = {0, 1} × I where I is a set of tuples of integers such as I = [1 .. 2] × [0 .. 10]. When tweak T is obtained from tweak S by incrementing one of its numerical components, the cost to compute ẼK(M...
Journal title:
- IACR Cryptology ePrint Archive
Volume 2015, Issue
Pages -
Publication date 2015