Building Blockcipher from Tweakable Blockcipher: Extending FSE 2009 Proposal

Minematsu, Kazuhiko; Iwata, Tetsu

doi:10.1007/978-3-642-25516-8_24

Cited by 19 publications

(17 citation statements)

References 31 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In the following, we state that PolyHash [20] is one of the examples of an algebraic hash function which is /2 n regular, AXU as well as r-way regular hash function where r ≥ 3.…”

Section: Sprpmentioning

confidence: 99%

“…Note that, the attack does not exploit any specific properties of the hash function and a single time repetition of nonce makes the construction vulnerable above birthday bound security. PolyHash [20] is one of the popular examples of algebraic hash function. For a hash key K h and a for a fixed message M , we first apply an injective padding such as 10 * i.e., pad 1 followed by minimum number of zeros so that the total number of bits in the padded message becomes mutiple of n. Let the padded message be…”

Section: Forge With (mentioning

confidence: 99%

“…For a fixed MAC query, the probability of this event in ideal world is 2 −n as the responses are sampled uniformly and independently to all other sampled random variables. Now, varying over all such MAC queries we obtain the bound to be (20) Pr τ . This essentially implies there is a tree with n edges.…”

Section: 2mentioning

confidence: 99%

“…We also show that DWCDM+ is secure up to 2 n/2 MAC queries and 2 n verification queries in the nonce-misuse setting, where the bound is tight. As a concrete example of DWCDM+, we present an instantiation of DWCDM+ with the AXU hash function being realized via PolyHash [20]. We show that nPolyMAC+ achieves 2 2n/3 -bit MAC security in the nonce-respecting setting.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

<inline-formula><tex-math id="M1">\begin{document}$\textsf{DWCDM+}$\end{document}</tex-math></inline-formula>: A BBB secure nonce based MAC

Datta¹,

Dutta²,

Nandi³

et al. 2019

Advances in Mathematics of Communications

View full text Add to dashboard Cite

In CRYPTO 2016, Cogliati and Seurin have proposed a noncebased MAC called Encrypted Wegman-Carter with Davies-Meyer (EWCDM), from an n-bit block cipher E and an n-bit almost xor universal hash function H as E K 2 E K 1 (N) ⊕ N ⊕ H K h (M) , for a nonce N and a message M that provides roughly 2n/3-bit MAC security. However, obtaining the similar security using a single block cipher key was posed as an open research problem. In this paper, we present Decrypted Wegman-Carter with Davies-Meyer (DWCDM+) construction based on a single block cipher key that provides 2n/3-bit MAC security from an n-bit block cipher E and an n-bit k-regular (∀k ≤ n), almost xor universal hash function H as E −1 K E K (N) ⊕ N ⊕ H K h (M). DWCDM+ is structurally very similar to its predecessor EWCDM except that the facts that (i) the number of block cipher keys reduced from 2 to 1 and (ii) the outer encryption call is replaced by a decryption one. To make the construction truely single-keyed, here we derive the hash key K h as the block cipher output of a fixed string 0 n−2 10 as long as the hash key is of n bits. We show that if the nonce space is restricted to (n − 1) bits, DWCDM+ is secured roughly up to 2 2n/3 MAC queries (2 n/2 MAC queries) and 2 n verification queries against nonce respecting (nonce misuse resp.) adversaries.

show abstract

“…In the following, we state that PolyHash [20] is one of the examples of an algebraic hash function which is /2 n regular, AXU as well as r-way regular hash function where r ≥ 3.…”

Section: Sprpmentioning

confidence: 99%

Section: Forge With (mentioning

confidence: 99%

Section: 2mentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

<inline-formula><tex-math id="M1">\begin{document}$\textsf{DWCDM+}$\end{document}</tex-math></inline-formula>: A BBB secure nonce based MAC

Datta¹,

Dutta²,

Nandi³

et al. 2019

Advances in Mathematics of Communications

View full text Add to dashboard Cite

show abstract

“…We mention the LargeBlock constructions due to Minematsu and Iwata [29], since they provide ciphers with beyond-birthday-bound security. These do not support tweaking, but it seems plausible that they could without significant degradation of performance or security.…”

Section: Related Workmentioning

confidence: 99%

A Modular Framework for Building Variable-Input-Length Tweakable Ciphers

Shrimpton¹,

Terashima²

2013

Advances in Cryptology - ASIACRYPT 2013

View full text Add to dashboard Cite

Abstract. We present the Protected-IV construction (PIV) a simple, modular method for building variable-input-length tweakable ciphers. At our level of abstraction, many interesting design opportunities surface. For example, an obvious pathway to building beyond birthday-bound secure tweakable ciphers with performance competitive with existing birthday-bound-limited constructions. As part of our design space exploration, we give two fully instantiated PIV constructions, TCT1 and TCT2; the latter is fast and has beyond birthday-bound security, the former is faster and has birthday-bound security. Finally, we consider a generic method for turning a VIL tweakable cipher (like PIV) into an authenticated encryption scheme that admits associated data, can withstand nonce-misuse, and allows for multiple decryption error messages. Thus, the method offers robustness even in the face of certain sidechannels, and common implementation mistakes.

show abstract