Tweaks and Keys for Block Ciphers: The TWEAKEY Framework

We propose the TWEAKEY framework, whose goal is to unify the design of tweakable block ciphers and of block ciphers resistant to related-key attacks. Our framework is simple, extends the key-alternating construction, and allows one to build a primitive with arbitrary tweak and key sizes, given a public round permutation (for instance, the AES round). Increasing these sizes makes the security analysis very difficult, so we identify a subclass of TWEAKEY, which we name STK, that solves the size issue by using finite field multiplications by low Hamming weight constants. Overall, this construction allows a significant increase in the security of well-known authenticated encryption modes such as ΘCB3, from birthday-bound security to full security, in settings where a regular block cipher was previously used as a black box to build a tweakable block cipher. Our work can also be seen as an advance on the topic of secure key schedule design.
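The following is an added toy illustration of the key-alternating TWEAKEY construction and of why STK uses distinct field constants; it is not the paper's own specification or code. It follows the STK idea of keeping the key and tweak as separate tweakey words, deriving each round subtweakey as the XOR of all words, and updating each word with a cell permutation plus a multiplication of every cell by that word's own GF(2^8) constant. The 16-byte cells, the rotation used as the cell permutation, the constants 1 and 2, and the public round permutation (an invertible byte map standing in for the AES round) are all assumptions chosen for the demonstration. The `cancelling_rounds` check shows the design point: when two tweakey words share the same multiplier, a difference injected into both cancels in every round subtweakey, whereas distinct multipliers limit the cancellation to a single round.

```python
import functools
from typing import List, Sequence

# Constructed toy parameters (assumptions for illustration, not the paper's spec).
CELLS = 16                                   # 128-bit state made of 16 byte cells
ROUNDS = 10
H_PERM = [(i + 1) % CELLS for i in range(CELLS)]   # cell permutation h: a rotation


def gf_mul(a: int, b: int) -> int:
    """Multiply in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1 (the AES polynomial)."""
    r = 0
    for _ in range(8):
        if b & 1:
            r ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return r


def gf_inv(a: int) -> int:
    """Multiplicative inverse by exhaustive search (cheap for 8-bit cells)."""
    for x in range(1, 256):
        if gf_mul(a, x) == 1:
            return x
    raise ValueError("zero has no inverse")


def xor_bytes(x: bytes, y: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(x, y))


def stk_subtweakeys(words: Sequence[bytes], alphas: Sequence[int], rounds: int) -> List[bytes]:
    """STK-style schedule: round subtweakey = XOR of all tweakey words; afterwards
    each word is cell-permuted by h and every cell is multiplied by that word's own
    constant alpha_i. Distinct alphas are what limits difference cancellation."""
    assert len(words) == len(alphas) and all(len(w) == CELLS for w in words)
    state = [bytes(w) for w in words]
    out = []
    for _ in range(rounds + 1):
        out.append(bytes(functools.reduce(lambda p, q: p ^ q, col) for col in zip(*state)))
        state = [bytes(gf_mul(w[H_PERM[j]], a) for j in range(CELLS))
                 for w, a in zip(state, alphas)]
    return out


def round_perm(state: bytes) -> bytes:
    """Toy public round permutation: an affine byte map followed by a byte rotation.
    It stands in for the AES round and makes no security claim of its own."""
    mixed = bytes(gf_mul(x, 3) ^ 0x63 for x in state)
    return mixed[1:] + mixed[:1]


def round_perm_inv(state: bytes) -> bytes:
    unrotated = state[-1:] + state[:-1]
    inv3 = gf_inv(3)
    return bytes(gf_mul(x ^ 0x63, inv3) for x in unrotated)


def encrypt(pt: bytes, words: Sequence[bytes], alphas: Sequence[int], rounds: int = ROUNDS) -> bytes:
    """Key-alternating cipher: XOR the round subtweakey, apply the public permutation,
    repeat, then whiten with the final subtweakey."""
    stks = stk_subtweakeys(words, alphas, rounds)
    s = pt
    for r in range(rounds):
        s = round_perm(xor_bytes(s, stks[r]))
    return xor_bytes(s, stks[rounds])


def decrypt(ct: bytes, words: Sequence[bytes], alphas: Sequence[int], rounds: int = ROUNDS) -> bytes:
    stks = stk_subtweakeys(words, alphas, rounds)
    s = xor_bytes(ct, stks[rounds])
    for r in reversed(range(rounds)):
        s = xor_bytes(round_perm_inv(s), stks[r])
    return s


def cancelling_rounds(words_a: Sequence[bytes], words_b: Sequence[bytes],
                      alphas: Sequence[int], rounds: int = ROUNDS) -> int:
    """Number of rounds (out of rounds + 1 subtweakeys) in which two related
    tweakeys yield the same subtweakey, i.e. where the injected difference cancels."""
    sa = stk_subtweakeys(words_a, alphas, rounds)
    sb = stk_subtweakeys(words_b, alphas, rounds)
    return sum(1 for x, y in zip(sa, sb) if x == y)


if __name__ == "__main__":
    key, tweak = bytes(range(16)), bytes(range(16, 32))      # constructed sample tweakey
    delta = bytes([0x05]) + bytes(15)                        # same difference in both words
    related = [xor_bytes(key, delta), xor_bytes(tweak, delta)]
    print("equal multipliers  :", cancelling_rounds([key, tweak], related, [1, 1]), "cancelling rounds")
    print("distinct multipliers:", cancelling_rounds([key, tweak], related, [1, 2]), "cancelling round(s)")
    pt = b"sixteen byte msg"
    assert decrypt(encrypt(pt, [key, tweak], [1, 2]), [key, tweak], [1, 2]) == pt
```

With equal constants every one of the 11 subtweakeys coincides for the two related tweakeys, so the cipher never sees the difference; with the constants 1 and 2 only the round-0 subtweakey coincides, because the difference in the second word is scaled by 2^r each round and 2^r = 1 does not occur again within 10 rounds.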
