PAE : Towards More Efficient and BBB-secure AE From a Single Public Permutation

Abstract. Four recent trends have emerged in the evolution of authenticated encryption schemes: (1) regarding simplicity, the adoption of public permutations as primitives spares a key schedule and the need to store round keys; (2) using the sums of permutation inputs or outputs has been a well-studied means to achieve security beyond the birthday bound; (3) concerning robustness, schemes should provide graceful security degradation if a limited number of nonces repeat during the lifetime of a key; and (4) Andreeva et al.'s ForkCipher approach can increase the efficiency of a scheme, since forked primitives can use fewer rounds per output branch compared to full-round primitives. In this work, we improve on the state of the art by combining those aspects for efficient authenticated encryption. We propose PAE, an efficient nonce-based AE scheme that employs a public permutation and one call to an XOR-universal hash function. PAE provides O(2n/3)-bit security and high throughput by combining forked public-permutation-based variants of nEHtM and an Encrypted Davies-Meyer. Thus, it can use a single, in part round-reduced, public permutation for most operations, spare a key schedule, and guarantee security beyond the birthday bound even under limited nonce reuse.
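As an added illustration that is not part of the paper or its code, the toy below instantiates the two building blocks the abstract names, Encrypted Davies-Meyer (EDM) and the nonce-based Enhanced Hash-then-Mask MAC (nEHtM), from one keyless 32-bit permutation via single-key Even-Mansour. It is a textbook rendering of those components and not the PAE mode itself; the xorshift permutation, the GF(2^32) hash polynomial, n = 32 and all key values are assumptions chosen for readability.

```python
# Added toy example: EDM and nEHtM from a single public permutation (Even-Mansour).
# Not the PAE algorithm; sizes, permutation and hash polynomial are assumptions.
MASK = 0xFFFFFFFF
N_BITS = 32
NONCE_BITS = N_BITS - 1          # nEHtM uses an (n-1)-bit nonce plus one domain bit

def pi(x: int) -> int:
    """Keyless public permutation on 32-bit words (three xorshift rounds).
    Each xorshift step is an invertible linear map, so pi is a bijection."""
    for _ in range(3):
        x ^= (x << 13) & MASK
        x ^= x >> 17
        x ^= (x << 5) & MASK
    return x

def em(k: int, x: int) -> int:
    """Single-key Even-Mansour: the public permutation with the key XORed in and out."""
    return pi(x ^ k) ^ k

def gf32_mul(a: int, b: int) -> int:
    """Carry-less multiply in GF(2^32) modulo x^32+x^22+x^2+x+1 (assumed irreducible)."""
    r = 0
    for _ in range(N_BITS):
        if b & 1:
            r ^= a
        b >>= 1
        carry = a >> 31
        a = (a << 1) & MASK
        if carry:
            a ^= 0x00400007          # low bits of the reduction polynomial
    return r

def xor_universal_hash(kh: int, blocks: list) -> int:
    """Polynomial hash in Horner form over 32-bit blocks; the block count is
    appended so that messages of different lengths cannot collide trivially.
    For distinct messages the XOR of two hashes is a nonzero polynomial in kh,
    which is the (almost-)XOR-universal property nEHtM relies on."""
    acc = 0
    for m in blocks + [len(blocks)]:
        acc = gf32_mul(acc ^ m, kh)
    return acc

def edm(k1: int, k2: int, x: int) -> int:
    """Encrypted Davies-Meyer: E_k2(E_k1(x) XOR x). The feed-forward yields a PRF
    without needing an inverse; both block ciphers reuse the same permutation."""
    return em(k2, em(k1, x) ^ x)

def nehtm_tag(kh: int, k: int, nonce: int, blocks: list) -> int:
    """nEHtM: T = E_k(0||N) XOR E_k(1||(N XOR H_kh(M))). Summing two permutation
    outputs is what lifts the bound past birthday; the nonce-keyed first term is
    what makes security degrade gracefully under limited nonce repetition."""
    assert 0 <= nonce < (1 << NONCE_BITS), "nonce must fit in n-1 bits"
    h = xor_universal_hash(kh, blocks) & ((1 << NONCE_BITS) - 1)
    left = em(k, nonce)                                  # domain bit 0
    right = em(k, (1 << NONCE_BITS) | (nonce ^ h))       # domain bit 1
    return left ^ right
```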
