ZCZ - Achieving n-bit SPRP Security with a Minimal Number of Tweakable-block-cipher Calls

Strong Pseudo-random Permutations (SPRPs) are important for various applications. In general, it is desirable to base an SPRP on a single-keyed primitive to minimize implementation costs. For constructions built on classical block ciphers, Nandi showed at ASIACRYPT'15 that at least two calls to the primitive per processed message block are required for SPRP security, assuming that all further operations are linear. The ongoing trend of using tweakable block ciphers as the primitive has already led to MACs and encryption modes with high security and efficiency. Thus, three interesting research questions arise in the domain of SPRPs: (1) whether, and to which extent, the bound of two calls per block can be reduced with a tweakable block cipher, (2) how concrete constructions could be realized, and (3) whether full n-bit security is achievable from primitives with an n-bit state size.
