Title: How to Build Fully Secure Tweakable Blockciphers from Classical Blockciphers
Authors: Wang, Lei; Guo, Jian; Zhang, Guoyan; Zhao, Jingyuan; Gu, Dawu
Corresponding author: Wang, Lei
Author affiliations: [Wang, Lei; Gu, Dawu] Shanghai Jiao Tong Univ, Dept Comp Sci & Engn, Shanghai, Peoples R China.; [Guo, Jian] Nanyang Technol Univ, Singapore, Singap
Conference name: 22nd Annual International Conference on Theory and Application of Cryptology and Information Security (ASIACRYPT)
Conference date: DEC 04-08, 2016
Source: ADVANCES IN CRYPTOLOGY - ASIACRYPT 2016, PT I
Publication year: 2016
Volume: 10031
Pages: 455-483
DOI: 10.1007/978-3-662-53887-6_17
Keywords: Tweakable blockcipher; Full security; Ideal blockcipher; Tweak-dependent key
Abstract: This paper focuses on building a tweakable blockcipher from a classical blockcipher whose input and output wires all have a size of n bits. The main goal is to achieve full $2^n$ security. Such a tweakable blockcipher was proposed by Mennink at FSE'15, and to the best of our knowledge it is also the only tweakable blockcipher so far that has claimed full $2^n$ security. However, we find a key-recovery attack on Mennink's proposal (in the proceedings version) with a complexity of about $2^{n/2}$ adversarial queries. The attack demonstrates that Mennink's proposal has at most $2^{n/2}$ security, and therefore invalidates its security claim. In this paper, we study a construction of tweakable blockciphers denoted as E[s] that is built on s invocations of a blockcipher and additional simple XOR operations. Since, as proven in previous work, at least two invocations of a blockcipher with linear mixing are necessary to possibly bypass the birthday-bound barrier of $2^{n/2}$ security, we carry out an investigation of the instances of E[s] with s >= 2, and find 32 highly efficient tweakable blockciphers E1, E2, ..., E32 that achieve $2^n$ provable security. Each of these tweakable blockciphers uses two invocations of a blockcipher, one of which uses a tweak-dependent key generated by XORing the tweak to the key (or to a secret subkey derived from the key). We point out that the provable security of these tweakable blockciphers is obtained in the ideal blockcipher model due to the usage of the tweak-dependent key.
Indexed in: CPCI-S; EI; SCOPUS
WoS Core Collection citation count: 2
Scopus citation count: 2
Resource type: Conference paper; Journal article
Original link: https://www.scopus.com/inward/record.uri?eid=2-s2.0-84998678911&doi=10.1007%2f978-3-662-53887-6_17&partnerID=40&md5=44eb1c076a51c4f047bbbd92ef413d23