Provable Security of (Tweakable) Block Ciphers Based on Substitution-Permutation Networks

Substitution-Permutation Networks (SPNs) are a family of constructions that build a wn-bit block cipher from n-bit public permutations (often called S-boxes): they alternate keyless, "local" substitution steps that apply such S-boxes with keyed, "global" permutation steps that are non-cryptographic. Many widely deployed block ciphers are built as SPNs, yet there are essentially no provable-security results about SPNs.
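To make the structure described above concrete, here is a toy SPN added as an illustration; it is not the paper's construction or code. It uses w = 4 parallel copies of one public 4-bit S-box and a keyed affine permutation step T(x) XOR k, where T is a fixed bit transposition; the S-box table, the wire permutation and the round keys are all constructed for this example.

```python
from typing import List

N = 4  # S-box width n in bits
W = 4  # number of parallel S-boxes; the block is w*n = 16 bits wide

# Keyless, "local" substitution step: one fixed public n-bit permutation,
# applied to every n-bit chunk of the state. Table constructed for the example.
SBOX = [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8, 0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7]
SBOX_INV = [SBOX.index(v) for v in range(1 << N)]


def sub_layer(x: int, table: List[int]) -> int:
    """Apply `table` independently to each of the w n-bit chunks of x."""
    out = 0
    for i in range(W):
        chunk = (x >> (N * i)) & ((1 << N) - 1)
        out |= table[chunk] << (N * i)
    return out


def bit_perm(x: int, inverse: bool = False) -> int:
    """Linear, non-cryptographic step T: bit i moves to (n*i) mod (wn-1),
    i.e. a 4x4 transpose of bit positions (constructed wire permutation)."""
    top = W * N - 1
    out = 0
    for i in range(W * N):
        j = top if i == top else (N * i) % top
        src, dst = (j, i) if inverse else (i, j)
        if (x >> src) & 1:
            out |= 1 << dst
    return out


def perm_layer(x: int, key: int) -> int:
    """Keyed, "global" permutation step: T(x) XOR k."""
    return bit_perm(x) ^ key


def perm_layer_inv(y: int, key: int) -> int:
    return bit_perm(y ^ key, inverse=True)


def spn_encrypt(m: int, round_keys: List[int]) -> int:
    """round_keys holds r+1 keys: the first keyed step precedes the first S-box layer."""
    x = perm_layer(m, round_keys[0])
    for k in round_keys[1:]:
        x = perm_layer(sub_layer(x, SBOX), k)
    return x


def spn_decrypt(c: int, round_keys: List[int]) -> int:
    x = c
    for k in reversed(round_keys[1:]):
        x = sub_layer(perm_layer_inv(x, k), SBOX_INV)
    return perm_layer_inv(x, round_keys[0])
```

Every round is a bijection, so the cipher is invertible for any number of rounds; the security question the paper studies is how many such rounds are needed for the result to be indistinguishable from a random permutation.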
