Welcome to the resource topic for 2017/474
Title:
Insuperability of the Standard Versus Ideal Model Gap for Tweakable Blockcipher Security
Authors: Bart Mennink
Abstract:Two types of tweakable blockciphers based on classical blockciphers have been presented over the last years: non-tweak-rekeyable and tweak-rekeyable, depending on whether the tweak may influence the key input to the underlying blockcipher. In the former direction, the best possible security is conjectured to be 2^{\sigma n/(\sigma+1)}, where n is the size of the blockcipher and \sigma is the number of blockcipher calls. In the latter direction, Mennink and Wang et al. presented optimally secure schemes, but only in the ideal cipher model. We investigate the possibility to construct a tweak-rekeyable cipher that achieves optimal security in the standard cipher model. As a first step, we note that all standard-model security results in literature implicitly rely on a generic standard-to-ideal transformation, that replaces all keyed blockcipher calls by random secret permutations, at the cost of the security of the blockcipher. Then, we prove that if this proof technique is adopted, tweak-rekeying will not help in achieving optimal security: if 2^{\sigma n/(\sigma+1)} is the best one can get without tweak-rekeying, optimal 2^n provable security with tweak-rekeying is impossible.
ePrint: https://eprint.iacr.org/2017/474
Talk: https://www.youtube.com/watch?v=_4Djup9DmUE
See all topics related to this paper.
Feel free to post resources that are related to this paper below.
Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.
For more information, see the rules for Resource Topics .