A Domain Extender for the Ideal Cipher

Coron, Jean-Sébastien; Dodis, Yevgeniy; Mandal, Avradip; Seurin, Yannick

doi:10.1007/978-3-642-11799-2_17

Cited by 40 publications

(18 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Starting from an FTL block cipher, one can construct a VTL block cipher by compressing the tweak using a universal hash function, and using the resulting output as the tweak for the FTL block cipher, as explained by Coron et al [22]. Minematsu and Iwata [54] introduce the XTX construction which extends tweak length while minimizing security loss.…”

Section: Generic Constructionmentioning

confidence: 99%

Boosting Authenticated Encryption Robustness with Minimal Modifications

Ashur

Dunkelman

Luykx

2017

Advances in Cryptology – CRYPTO 2017

View full text Add to dashboard Cite

Abstract. Secure and highly efficient authenticated encryption (AE) algorithms which achieve data confidentiality and authenticity in the symmetric-key setting have existed for well over a decade. By all conventional measures, AES-OCB seems to be the AE algorithm of choice on any platform with AES-NI: it has a proof showing it is secure assuming AES is, and it is one of the fastest out of all such algorithms. However, algorithms such as AES-GCM and ChaCha20+Poly1305 have seen more widespread adoption, even though they will likely never outperform AES-OCB on platforms with AES-NI. Given the fact that changing algorithms is a long and costly process, some have set out to maximize the security that can be achieved with the already deployed algorithms, without sacrificing efficiency: ChaCha20+Poly1305 already improves over GCM in how it authenticates, GCM-SIV uses GCM's underlying components to provide nonce misuse resistance, and TLS1.3 introduces a randomized nonce in order to improve GCM's multi-user security. We continue this line of work by looking more closely at GCM and ChaCha20+Poly1305 to see what robustness they already provide over algorithms such as OCB, and whether minor variants of the algorithms can be used for applications where defense in depth is critical. We formalize and illustrate how GCM and ChaCha20+Poly1305 offer varying degrees of resilience to nonce misuse, as they can recover quickly from repeated nonces, as opposed to OCB, which loses all security. More surprisingly, by introducing minor tweaks such as an additional XOR, we can create a GCM variant which provides security even when unverified plaintext is released.

show abstract

Section: Generic Constructionmentioning

confidence: 99%

Boosting Authenticated Encryption Robustness with Minimal Modifications

Ashur

Dunkelman

Luykx

2017

Advances in Cryptology – CRYPTO 2017

View full text Add to dashboard Cite

show abstract

“…The proposed scheme needs only 2 TBC calls and some multiplications over GF(2 n ). After [24], Coron et al further studied the same structure in the indifferentiability framework [8].…”

Section: Introductionmentioning

confidence: 97%

“…3 "Breaking the birthday bound" can be vague, as q 2 /2 n+m is the birthday bound of TBC's (message+tweak) length [24]. Following [24] and [8], this paper exclusively uses the word "birthday bound" for n, which is the message length of the component TBC.…”

Section: Introductionmentioning

confidence: 98%

Building Blockcipher from Tweakable Blockcipher: Extending FSE 2009 Proposal

Minematsu

Iwata

2011

Cryptography and Coding

View full text Add to dashboard Cite

Abstract. This paper extends the provably-secure blockcipher construction proposed at FSE 2009 by Minematsu. Unlike the classical Luby-Rackoff cipher and its variants, the scheme is based on tweakable blockciphers. An advantage of the scheme is that it provides the beyondbirthday-bound security quite efficiently. While FSE 2009 proposal was the case of building a 2n-bit blockcipher using an n-bit tweakable blockcipher, we extend it to shorter and longer block lengths than 2n bits, keeping the security of beyond the birthday bound.

show abstract

“…On a slightly different topic, we also analyze the Feistel-like domain extension construction for ideal ciphers proposed by Coron et al [8] and show that in the seq-indifferentiability model one can obtain a security bound beyond the birthday barrier. See the full version of the paper [19].…”

Section: The Feistel Construction With Public Round Functions the Fementioning

confidence: 99%

On the Public Indifferentiability and Correlation Intractability of the 6-Round Feistel Construction

Mandal

Patarin

Seurin

2012

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Abstract. We show that the Feistel construction with six rounds and random round functions is publicly indifferentiable from a random invertible permutation (a result that is not known to hold for full indifferentiability). Public indifferentiability (pub-indifferentiability for short) is a variant of indifferentiability introduced by Yoneyama et al. [29] and Dodis et al. [12] where the simulator knows all queries made by the distinguisher to the primitive it tries to simulate, and is useful to argue the security of cryptosystems where all the queries to the ideal primitive are public (as e.g. in many digital signature schemes). To prove the result, we introduce a new and simpler variant of indifferentiability, that we call sequential indifferentiability (seq-indifferentiability for short) and show that this notion is in fact equivalent to pub-indifferentiability for stateless ideal primitives. We then prove that the 6-round Feistel construction is seq-indifferentiable from a random invertible permutation. We also observe that sequential indifferentiability implies correlation intractability, so that the Feistel construction with six rounds and random round functions yields a correlation intractable invertible permutation, a notion we define analogously to correlation intractable functions introduced by Canetti et al. [4].

show abstract

A Domain Extender for the Ideal Cipher

Cited by 40 publications

References 27 publications

Boosting Authenticated Encryption Robustness with Minimal Modifications

Boosting Authenticated Encryption Robustness with Minimal Modifications

Building Blockcipher from Tweakable Blockcipher: Extending FSE 2009 Proposal

On the Public Indifferentiability and Correlation Intractability of the 6-Round Feistel Construction

Contact Info

Product

Resources

About