Efficient Length Doubling From Tweakable Block Ciphers

We present a length doubler, LDT, that turns an n-bit tweakable block cipher into an efficient and secure cipher that can encrypt any bit string of length [n..2n − 1]. The LDT mode is simple, uses only two cryptographic primitive calls (while prior work needs at least four), and is a strong length-preserving pseudorandom permutation if the underlying tweakable block ciphers are strong tweakable pseudorandom permutations. We demonstrate that LDT can be used to neatly turn an authenticated encryption scheme for integral data into a mode for arbitrary-length data.