Improved Security Analysis of XEX and LRW Modes

We study block cipher modes that turn a block cipher into a tweakable block cipher, which accepts an auxiliary input called a tweak in addition to the key and message. Liskov et al. first showed such a mode using two keys, where one is the block cipher's key and the other is used for some non-cryptographic function. Later, Rogaway proposed the XEX mode to reduce these two keys to one. In this paper, we propose a generalization of Liskov et al.'s scheme with a concrete security proof. Using this, we provide an improved security proof of XEX and some improvements to LRW-AES, a straightforward AES-based instantiation of Liskov et al.'s scheme proposed by the IEEE Security in Storage Workgroup.
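To make the key structures the abstract contrasts concrete, here is an added illustration that is not code from the paper: both LRW and XEX are "XOR a mask, encrypt, XOR the same mask", but LRW's mask needs a second key feeding a non-cryptographic GF(2^128) hash of the tweak, while XEX derives its mask from the block cipher under the one key it already has. AES is replaced by a constructed Feistel permutation so the code runs offline; the function names, demo keys and the field polynomial are assumptions of this example.

```python
import hashlib

# Constructed demo, not the paper's code. AES is replaced by a 4-round Feistel
# network with SHA-256 round functions: a 128-bit permutation standing in for E_K.
POLY = (1 << 128) | (1 << 7) | (1 << 2) | (1 << 1) | 1   # x^128 + x^7 + x^2 + x + 1
MASK64 = (1 << 64) - 1

def gf_mul(a, b):
    """Multiply in GF(2^128) mod POLY; bit k of an int is the coefficient of x^k."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b, a = b >> 1, a << 1
        if a >> 128:
            a ^= POLY
    return r

def _round(k, i, x):
    return int.from_bytes(hashlib.sha256(k + bytes([i]) + x.to_bytes(8, "big")).digest()[:8], "big")
def E(k, m):  # encrypt one 128-bit block with the stand-in PRP
    l, r = m >> 64, m & MASK64
    for i in range(4):
        l, r = r, l ^ _round(k, i, r)
    return (l << 64) | r

def D(k, c):  # inverse of E: undo the Feistel rounds in reverse order
    l, r = c >> 64, c & MASK64
    for i in reversed(range(4)):
        l, r = r ^ _round(k, i, l), l
    return (l << 64) | r

# Both modes share this layer: XOR a tweak-dependent mask, encrypt, XOR the mask again.
def tweak_enc(k, mask, m):
    return E(k, m ^ mask) ^ mask
def tweak_dec(k, mask, c):
    return D(k, c ^ mask) ^ mask

# LRW mask: a second key k2 (nonzero) drives the non-cryptographic epsilon-AXU
# hash h(T) = k2 * T in GF(2^128); the block cipher key plays no part here.
def lrw_mask(k2, tweak):
    return gf_mul(k2, tweak)

# XEX mask: Delta = 2^i * E_k(N) is derived from the cipher under the same key k,
# so the second key disappears; the tweak is the pair (N, i) with i >= 1.
def xex_mask(k, n, i):
    delta = E(k, n)
    for _ in range(i):
        delta = gf_mul(delta, 2)   # multiply by x ("2") once per step
    return delta
```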
