A Modular Framework for Building Variable-Input-Length Tweakable Ciphers
نویسندگان
چکیده
We present the Protected-IV construction (PIV) a simple, modular method for building variable-input-length tweakable ciphers. At our level of abstraction, many interesting design opportunities surface. For example, an obvious pathway to building beyond birthday-bound secure tweakable ciphers with performance competitive with existing birthday-bound-limited constructions. As part of our design space exploration, we give two fully instantiated PIV constructions, TCT1 and TCT2; the latter is fast and has beyond birthday-bound security, the former is faster and has birthday-bound security. Finally, we consider a generic method for turning a VIL tweakable cipher (like PIV) into an authenticated encryption scheme that admits associated data, can withstand nonce-misuse, and allows for multiple decryption error messages. Thus, the method offers robustness even in the face of certain sidechannels, and common implementation mistakes.
منابع مشابه
Length-Doubling Ciphers and Tweakable Ciphers
We motivate and describe a mode of operation HEM (resp., THEM) that turns a n-bit blockcipher into a variable-input-length cipher (resp., tweakable cipher) that acts on strings of [n..2n − 1] bits. Both HEM and THEM are simple and intuitive and use only two blockcipher calls, while prior work at least takes three. We prove them secure in the sense of strong PRP and tweakable strong PRP, assumin...
متن کاملEfficient Length Doubling From Tweakable Block Ciphers
We present a length doubler, LDT, that turns an n-bit tweakable block cipher into an efficient and secure cipher that can encrypt any bit string of length [n..2n − 1]. The LDT mode is simple, uses only two cryptographic primitive calls (while prior work needs at least four), and is a strong length-preserving pseudorandom permutation if the underlying tweakable block ciphers are strong tweakable...
متن کاملXHX - A Framework for Optimally Secure Tweakable Block Ciphers from Classical Block Ciphers and Universal Hashing
Tweakable block ciphers are important primitives for designing cryptographic schemes with high security. In the absence of a standardized tweakable block cipher, constructions built from classical block ciphers remain an interesting research topic in both theory and practice. Motivated by Mennink’s F̃ [2] publication from 2015, Wang et al. proposed 32 optimally secure constructions at ASIACRYPT’...
متن کاملOnline Ciphers from Tweakable Blockciphers
Online ciphers are deterministic length-preserving permutations EK : ({0, 1})+ → ({0, 1})+ where the i-th block of ciphertext depends only on the first i blocks of plaintext. Definitions, constructions, and applications for these objects were first given by Bellare, Boldyreva, Knudsen, and Namprempre. We simplify and generalize their work, showing that online ciphers are rather trivially constr...
متن کاملHow to Enrich the Message Space of a Cipher
Given (deterministic) ciphers E and E that can encipher messages of l and n bits, respectively, we construct a cipher E∗ = XLS[E , E] that can encipher messages of l + s bits for any s < n. Enciphering such a string will take one call to E and two calls to E. We prove that E∗ is a strong pseudorandom permutation as long as E and E are. Our construction works even in the tweakable and VIL (varia...
متن کامل