On the Composition of Single-Keyed Tweakable Even-Mansour for Achieving BBB Security

Observing the growing popularity of random permutation (RP)-based designs (e.g, Sponge), Bart Mennink in CRYPTO 2019 has initiated an interesting research in the direction of RP-based pseudorandom functions (PRFs). Both are claimed to achieve beyond-the-birthday-bound (BBB) security of 2n/3 bits (n being the input block size in bits) but require two instances of RPs and can handle only oneblock inputs. In this work, we extend research in this direction by providing two new BBB-secure constructions by composing the tweakable Even-Mansour appropriately. Our first construction requires only one instance of an RP and requires only one key. Our second construction extends the first to a nonce-based Message Authentication Code (MAC) using a universal hash to deal with multi-block inputs. We show that the hash key can be derived from the original key when the underlying hash is the Poly hash. We provide matching attacks for both constructions to demonstrate the tightness of the proven security bounds.

[1]  Kan Yasuda,et al.  On the Composition of Single-Keyed Tweakable Even-Mansour for Achieving BBB Security , 2020, IACR Transactions on Symmetric Cryptology.

[2]  Shay Gueron,et al.  The Advantage of Truncated Permutations , 2016, CSCML.

[3]  Jacques Patarin Mirror theory and cryptography , 2017, Applicable Algebra in Engineering, Communication and Computing.

[4]  Bart Mennink,et al.  How to Build Pseudorandom Functions From Public Random Permutations , 2019, IACR Cryptol. ePrint Arch..

[5]  Thomas Peyrin,et al.  GIFT: A Small Present - Towards Reaching the Limit of Lightweight Encryption , 2017, CHES.

[6]  Mihir Bellare,et al.  A tool for obtaining tighter security analyses of pseudorandom function based constructions, with applications to PRP to PRF conversion , 1999, IACR Cryptol. ePrint Arch..

[7]  Valérie Nachef,et al.  Feistel Ciphers - Security Proofs and Cryptanalysis , 2017 .

[8]  Bart Mennink,et al.  Encrypted Davies-Meyer and Its Dual: Towards Optimal Security Using Mirror Theory , 2017, CRYPTO.

[9]  Mihir Bellare,et al.  The Security of the Cipher Block Chaining Message Authentication Code , 2000, J. Comput. Syst. Sci..

[10]  Thomas Peyrin,et al.  The PHOTON Family of Lightweight Hash Functions , 2011, IACR Cryptol. ePrint Arch..

[11]  Benoit Cogliati,et al.  EWCDM: An Efficient, Beyond-Birthday Secure, Nonce-Misuse Resistant MAC , 2016, CRYPTO.

[12]  Anne Canteaut,et al.  PRINCE - A Low-Latency Block Cipher for Pervasive Computing Applications - Extended Abstract , 2012, ASIACRYPT.

[13]  Kan Yasuda,et al.  Encrypt or Decrypt? To Make a Single-Key Beyond Birthday Secure Nonce-Based MAC , 2018, IACR Cryptol. ePrint Arch..

[14]  Mihir Bellare,et al.  Luby-Rackoff Backwards: Increasing Security by Making Block Ciphers Non-invertible , 1998, EUROCRYPT.

[15]  Tetsu Iwata,et al.  Building Blockcipher from Tweakable Blockcipher: Extending FSE 2009 Proposal , 2011, IMACC.

[16]  Eli Upfal,et al.  Probability and Computing: Randomized Algorithms and Probabilistic Analysis , 2005 .

[17]  Thomas Peyrin,et al.  The SKINNY Family of Block Ciphers and its Low-Latency Variant MANTIS , 2016, IACR Cryptol. ePrint Arch..

[18]  Stefan Lucks,et al.  The Sum of PRPs Is a Secure PRF , 2000, EUROCRYPT.

[19]  G. V. Assche,et al.  On the security of the keyed sponge construction , 2011 .

[20]  Serge Vaudenay,et al.  Decorrelation: A Theory for Block Cipher Security , 2003, Journal of Cryptology.

[21]  Stefano Tessaro,et al.  Information-Theoretic Indistinguishability via the Chi-Squared Method , 2017, CRYPTO.

[22]  Andrey Bogdanov,et al.  spongent: A Lightweight Hash Function , 2011, CHES.

[23]  Jacques Patarin,et al.  Introduction to Mirror Theory: Analysis of Systems of Linear Equalities and Linear Non Equalities for Cryptography , 2010, IACR Cryptol. ePrint Arch..

[24]  Bart Mennink,et al.  XPX: Generalized Tweakable Even-Mansour with Improved Security Guarantees , 2016, CRYPTO.

[25]  Thomas Peyrin,et al.  Tweaks and Keys for Block Ciphers: The TWEAKEY Framework , 2014, ASIACRYPT.

[26]  Donghoon Chang,et al.  A Short Proof of the PRP/PRF Switching Lemma , 2008, IACR Cryptol. ePrint Arch..

[27]  Michael Luby,et al.  How to Construct Pseudo-Random Permutations from Pseudo-Random Functions (Abstract) , 1986, CRYPTO.

[28]  Guido Bertoni,et al.  Duplexing the sponge: single-pass authenticated encryption and other applications , 2011, IACR Cryptol. ePrint Arch..

[29]  David A. Wagner,et al.  Tweakable Block Ciphers , 2002, Journal of Cryptology.

[30]  Yishay Mansour,et al.  A construction of a cipher from a single pseudorandom permutation , 1997, Journal of Cryptology.

[31]  Ashwin Jha,et al.  Tight Security Analysis of EHtM MAC , 2017, IACR Trans. Symmetric Cryptol..

[32]  Kan Yasuda,et al.  Beetle Family of Lightweight and Secure Authenticated Encryption Ciphers , 2018, IACR Trans. Cryptogr. Hardw. Embed. Syst..

[33]  Phillip Rogaway,et al.  Efficient Instantiations of Tweakable Blockciphers and Refinements to Modes OCB and PMAC , 2004, ASIACRYPT.

[34]  Bart Mennink,et al.  Security of Full-State Keyed Sponge and Duplex: Applications to Authenticated Encryption , 2015, ASIACRYPT.

[35]  Bruce Schneier,et al.  Building PRFs from PRPs , 1998, CRYPTO.

[36]  Larry Carter,et al.  New Hash Functions and Their Use in Authentication and Set Equality , 1981, J. Comput. Syst. Sci..

[37]  Andrey Bogdanov,et al.  PRESENT: An Ultra-Lightweight Block Cipher , 2007, CHES.

[38]  Mridul Nandi,et al.  Beyond Birthday Bound Secure MAC in Faulty Nonce Model , 2019, IACR Cryptol. ePrint Arch..

[39]  Jacques Patarin,et al.  On Linear Systems of Equations with Distinct Variables and Small Block Size , 2005, ICISC.

[40]  Jason Smith,et al.  The SIMON and SPECK Families of Lightweight Block Ciphers , 2013, IACR Cryptol. ePrint Arch..

[41]  Benoit Cogliati,et al.  Analysis of the single-permutation encrypted Davies–Meyer construction , 2018, Designs, Codes and Cryptography.

[42]  Larry Carter,et al.  Universal Classes of Hash Functions , 1979, J. Comput. Syst. Sci..

[43]  Bart Mennink,et al.  Security of Keyed Sponge Constructions Using a Modular Proof Approach , 2015, FSE.

[44]  Mridul Nandi,et al.  Mind the Composition: Birthday Bound Attacks on EWCDMD and SoKAC21 , 2020, IACR Cryptol. ePrint Arch..

[45]  Mihir Bellare,et al.  The Security of Triple Encryption and a Framework for Code-Based Game-Playing Proofs , 2006, EUROCRYPT.