Generalization and Extension of XEX* Mode

This paper describes an extension of XEX* mode, a method for converting a block cipher into a tagged tweakable block cipher, a notion introduced by Rogaway in 2004 as an extension of the tweakable block cipher of Liskov et al. Our extension attaches an additional encryption function to the original XEX*; this function has some limitations but is slightly faster than the encryption implemented by XEX*. We prove our scheme's security in a general form, where the offset function, a key component of our construction, is not restricted to the one used by XEX*. We also provide some applications of our result, in particular to OCB 2.0, an authenticated encryption mode based on XEX*.
