Welcome to the resource topic for 2023/1242
Title:
Cascading Four Round LRW1 is Beyond Birthday Bound Secure
Authors: Nilanjan Datta, Shreya Dey, Avijit Dutta, Sougata Mondal
Abstract:In CRYPTO’02, Liskov et al. have introduced a new symmetric key primitive called tweakable block cipher. They have proposed two constructions of designing a tweakable block cipher from block ciphers. The first proposed construction is called \mathsf{LRW1} and the second proposed construction is called \mathsf{LRW2}. Although, \mathsf{LRW2} has been extended in later works to provide beyond birthday bound security (e.g., cascaded \mathsf{LRW2} in CRYPTO’12 by Landecker et al.), but extension of the \mathsf{LRW1} has received no attention until the work of Bao et al. in EUROCRYPT’20, where the authors have shown that one round extension of \mathsf{LRW1}, i.e., masking the output of \mathsf{LRW1} with the given tweak and then re-encrypting it with the same block cipher, gives security up to 2^{2n/3} queries. Recently, Khairallah has shown a birthday bound distinguishing attack on the construction and hence invalidated the security claim of Bao et al. This has led to the open research question, that how many round are necessary for cascading \mathsf{LRW1} to achieve beyond birthday bound security ?
In this paper, we have shown that cascading \mathsf{LRW1} up to four rounds are necessary for ensuring beyond the birthday bound security. In particular, we have shown that \mathsf{CLRW1}^4 provides security up to 2^{2n/3} queries. Security analysis of our construction is based on the recent development of the mirror theory technique for tweakable random permutations under the H-Coefficient framework.
ePrint: https://eprint.iacr.org/2023/1242
See all topics related to this paper.
Feel free to post resources that are related to this paper below.
Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.
For more information, see the rules for Resource Topics .