Iterative Block Ciphers from Tweakable Block Ciphers with Long Tweaks

Nakamichi, Ryota; Iwata, Tetsu

doi:10.46586/tosc.v2019.i4.54-80

Cited by 2 publications

(1 citation statement)

References 32 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Following [Min15], Nakamichi and Iwata [NI19] analysed the TBC-based counterpart of the unbalanced GFS, where a contracting function is used as the round function. They showed the number of rounds to achieve birthday-bound security and BBB security.…”

Section: Introductionmentioning

confidence: 99%

Generalized Feistel Structures Based on Tweakable Block Ciphers

Nakaya

Iwata²

2022

ToSC

View full text Add to dashboard Cite

A generalized Feistel structure (GFS) is a classical approach to construct a block cipher from pseudorandom functions (PRFs). Coron et al. at TCC 2010 instantiated a Feistel structure with a tweakable block cipher (TBC), and presented its provable security treatment. GFSs can naturally be instantiated with TBCs, and among several types of GFSs, the provable security result of TBC-based unbalanced GFSs was presented. TBC-based counterparts of the most basic types of GFSs , namely, type-1, type-2, and type-3 GFSs, can naturally be formalized, and the provable security result of these structures is open. In this paper, we present such formalization and show their provable security treatment. We use a TBC of n-bit blocks and n-bit tweaks, and we identify the number of rounds needed to achieve birthday-bound security and beyond-birthday-bound security (with respect to n). The n-bit security can be achieved with a finite number of rounds, in contrast to the case of classical PRF-based GFSs. Our proofs use Patarin’s coefficient-H technique, and it turns out deriving a collision probability of various internal variables is nontrivial. In order to complete the proof, we introduce an approach to first compute a collision probability of one specific plaintext difference (or a ciphertext difference), and then prove that the case gives the maximum collision probability. We fully verify the correctness of our security bounds for a class of parameters by experimentally deriving upper bounds on the collision probability of internal variables. We also analyse the optimality of our results with respect to the number of rounds and the attack complexity.

show abstract

Section: Introductionmentioning

confidence: 99%

Generalized Feistel Structures Based on Tweakable Block Ciphers

Nakaya

Iwata²

2022

ToSC

View full text Add to dashboard Cite

show abstract

Feistel Ciphers Based on a Single Primitive

TSUJI,

IWATA

2024

IEICE Trans. Fundamentals

View full text Add to dashboard Cite

Kento TSUJI †a) , Student Member and Tetsu IWATA †b) , Member SUMMARY We consider Feistel ciphers instantiated with tweakable block ciphers (TBCs) and ideal ciphers (ICs). The indistinguishability security of the TBC-based Feistel cipher is known, and the indifferentiability security of the IC-based Feistel cipher is also known, where independently keyed TBCs and independent ICs are assumed. In this paper, we analyze the security of a single-keyed TBC-based Feistel cipher and a single IC-based Feistel cipher. We characterize the security depending on the number of rounds. More precisely, we cover the case of contracting Feistel ciphers that have 𝑑 ≥ 2 lines, and the results on Feistel ciphers are obtained as a special case by setting 𝑑 = 2. Our indistinguishability security analysis shows that it is provably secure with 𝑑 + 1 rounds. Our indifferentiability result shows that, regardless of the number of rounds, it cannot be secure. Our attacks are a type of a slide attack, and we consider a structure that uses a round constant, which is a well-known counter measure against slide attacks. We show an indifferentiability attack for the case 𝑑 = 2 and 3 rounds.

show abstract

Iterative Block Ciphers from Tweakable Block Ciphers with Long Tweaks

Cited by 2 publications

References 32 publications

Generalized Feistel Structures Based on Tweakable Block Ciphers

Generalized Feistel Structures Based on Tweakable Block Ciphers

Feistel Ciphers Based on a Single Primitive

Contact Info

Product

Resources

About