Welcome to the resource topic for 2016/876
Title:
How to Build Fully Secure Tweakable Blockciphers from Classical Blockciphers
Authors: Lei Wang, Jian Guo, Guoyan Zhang, Jingyuan Zhao, Dawu Gu
Abstract:This paper focuses on building a tweakable blockcipher from a classical blockcipher whose input and output wires all have a size of n bits. The main goal is to achieve full 2^n security. Such a tweakable blockcipher was proposed by Mennink at FSE’15, and it is also the only tweakable blockcipher so far that claimed full 2^n security to our best knowledge. However, we find a key-recovery attack on Mennink’s proposal (in the proceeding version) with a complexity of about 2^{n/2} adversarial queries. The attack well demonstrates that Mennink’s proposal has at most 2^{n/2} security, and therefore invalidates its security claim. In this paper, we study a construction of tweakable blockciphers denoted as \tilde{\mathbb E}[s] that is built on s invocations of a blockcipher and additional simple XOR operations. As proven in previous work, at least two invocations of blockcipher with linear mixing are necessary to possibly bypass the birthday-bound barrier of 2^{n/2} security, we carry out an investigation on the instances of \tilde{\mathbb E}[s] with s \ge 2, and find 32 highly efficient tweakable blockciphers \widetilde{E1}, \widetilde{E2}, \ldots, \widetilde{E32} that achieve 2^n provable security. Each of these tweakable blockciphers uses two invocations of a blockcipher, one of which uses a tweak-dependent key generated by XORing the tweak to the key (or to a secret subkey derived from the key). We point out the provable security of these tweakable blockciphers is obtained in the ideal blockcipher model due to the usage of the tweak-dependent key.
ePrint: https://eprint.iacr.org/2016/876
Slides: https://iacr.org/cryptodb/archive/2016/ASIACRYPT/presentation/27885.pdf
See all topics related to this paper.
Feel free to post resources that are related to this paper below.
Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.
For more information, see the rules for Resource Topics .