Length-Preserving Encryption Based on Single-Key Tweakable Block Cipher

2018 ◽  
pp. 313-326
Author(s):  
Xiangyang Zhang ◽  
Yaobin Shen ◽  
Hailun Yan ◽  
Ying Zou ◽  
Ming Wan ◽  
...  
Keyword(s):  
Block Cipher ◽  
Tweakable Block Cipher

scholarly journals Cryptanalysis of PMACx, PMAC2x, and SIVx

2017 ◽  
pp. 162-176
Author(s):  
Kazuhiko Minematsu ◽  
Tetsu Iwata
Keyword(s):  
Provable Security ◽  
Block Cipher ◽  
Query Complexity ◽  
Block Length ◽  
Encryption Scheme ◽  
Authenticated Encryption ◽  
Pseudorandom Functions ◽  
Tweakable Block Cipher ◽  
Deterministic Authenticated Encryption ◽  
Provably Secure

At CT-RSA 2017, List and Nandi proposed two variable input length pseudorandom functions (VI-PRFs) called PMACx and PMAC2x, and a deterministic authenticated encryption scheme called SIVx. These schemes use a tweakable block cipher (TBC) as the underlying primitive, and are provably secure up to the query complexity of 2n, where n denotes the block length of the TBC. In this paper, we falsify the provable security claims by presenting concrete attacks. We show that with the query complexity of O(2n/2), i.e., with the birthday complexity, PMACx, PMAC2x, and SIVx are all insecure.

scholarly journals Improved Rectangle Attacks on SKINNY and CRAFT

2021 ◽  
pp. 140-198
Author(s):  
Hosein Hadipour ◽  
Nasour Bagheri ◽  
Ling Song
Keyword(s):  
General Framework ◽  
Block Cipher ◽  
Security Analysis ◽  
Differential Cryptanalysis ◽  
Advanced Method ◽  
Model Based ◽  
Tweakable Block Cipher ◽  
First Time

The boomerang and rectangle attacks are adaptions of differential cryptanalysis that regard the target cipher E as a composition of two sub-ciphers, i.e., E = E1 ∘ E0, to construct a distinguisher for E with probability p2q2 by concatenating two short differential trails for E0 and E1 with probability p and q respectively. According to the previous research, the dependency between these two differential characteristics has a great impact on the probability of boomerang and rectangle distinguishers. Dunkelman et al. proposed the sandwich attack to formalise such dependency that regards E as three parts, i.e., E = E1 ∘ Em ∘ E0, where Em contains the dependency between two differential trails, satisfying some differential propagation with probability r. Accordingly, the entire probability is p2q2r. Recently, Song et al. have proposed a general framework to identify the actual boundaries of Em and systematically evaluate the probability of Em with any number of rounds, and applied their method to accurately evaluate the probabilities of the best SKINNY’s boomerang distinguishers. In this paper, using a more advanced method to search for boomerang distinguishers, we show that the best previous boomerang distinguishers for SKINNY can be significantly improved in terms of probability and number of rounds. More precisely, we propose related-tweakey boomerang distinguishers for up to 19, 21, 23, and 25 rounds of SKINNY-64-128, SKINNY-128-256, SKINNY-64-192 and SKINNY-128-384 respectively, which improve the previous boomerang distinguishers of these variants of SKINNY by 1, 2, 1, and 1 round respectively. Based on the improved boomerang distinguishers for SKINNY, we provide related-tweakey rectangle attacks on 23 rounds of SKINNY-64-128, 24 rounds of SKINNY-128-256, 29 rounds of SKINNY-64-192, and 30 rounds of SKINNY-128-384. It is worth noting that our improved related-tweakey rectangle attacks on SKINNY-64-192, SKINNY-128-256 and SKINNY-128-384 can be directly applied for the same number of rounds of ForkSkinny-64-192, ForkSkinny-128-256 and ForkSkinny-128-384 respectively. CRAFT is another SKINNY-like tweakable block cipher for which we provide the security analysis against rectangle attack for the first time. As a result, we provide a 14-round boomerang distinguisher for CRAFT in the single-tweak model based on which we propose a single-tweak rectangle attack on 18 rounds of this cipher. Moreover, following the previous research regarding the evaluation of switching in multiple rounds of boomerang distinguishers, we also introduce new tools called Double Boomerang Connectivity Table (DBCT), LBCT⫤, and UBCT⊨ to evaluate the boomerang switch through the multiple rounds more accurately.

scholarly journals Boomeyong: Embedding Yoyo within Boomerang and its Applications to Key Recovery Attacks on AES and Pholkos

2021 ◽  
pp. 137-169
Author(s):  
Mostafizar Rahman ◽  
Dhiman Saha ◽  
Goutam Paul
Keyword(s):  
Time Complexity ◽  
Block Cipher ◽  
New Technique ◽  
Small Scale ◽  
Key Recovery ◽  
Boomerang Attack ◽  
Tweakable Block Cipher ◽  
Key Recovery Attack ◽  
Key Recovery Attacks

This work investigates a generic way of combining two very effective and well-studied cryptanalytic tools, proposed almost 18 years apart, namely the boomerang attack introduced by Wagner in FSE 1999 and the yoyo attack by Ronjom et al. in Asiacrypt 2017. In doing so, the s-box switch and ladder switch techniques are leveraged to embed a yoyo trail inside a boomerang trail. As an immediate application, a 6-round key recovery attack on AES-128 is mounted with time complexity of 278. A 10-round key recovery attack on recently introduced AES-based tweakable block cipher Pholkos is also furnished to demonstrate the applicability of the new technique on AES-like constructions. The results on AES are experimentally verified by applying and implementing them on a small scale variant of AES. We provide arguments that draw a relation between the proposed strategy with the retracing boomerang attack devised in Eurocrypt 2020. To the best of our knowledge, this is the first attempt to merge the yoyo and boomerang techniques to analyze SPN ciphers and warrants further attention as it has the potential of becoming an important cryptanalysis tool.

scholarly journals Efficient Length Doubling From Tweakable Block Ciphers

2017 ◽  
pp. 253-270 ◽  
Author(s):  
Yu Long Chen ◽  
Atul Luykx ◽  
Bart Mennink ◽  
Bart Preneel
Keyword(s):  
Block Cipher ◽  
Block Ciphers ◽  
Encryption Scheme ◽  
Authenticated Encryption ◽  
Arbitrary Length ◽  
Pseudorandom Permutation ◽  
Cryptographic Primitive ◽  
Length Data ◽  
Tweakable Block Cipher ◽  
Integral Data

We present a length doubler, LDT, that turns an n-bit tweakable block cipher into an efficient and secure cipher that can encrypt any bit string of length [n..2n − 1]. The LDT mode is simple, uses only two cryptographic primitive calls (while prior work needs at least four), and is a strong length-preserving pseudorandom permutation if the underlying tweakable block ciphers are strong tweakable pseudorandom permutations. We demonstrate that LDT can be used to neatly turn an authenticated encryption scheme for integral data into a mode for arbitrary-length data.

Meet-in-the-middle attacks on round-reduced tweakable block cipher Deoxys-BC

2019 ◽  
Vol 13 (1) ◽  
pp. 70-75 ◽  
Author(s):  
Rongjia Li ◽  
Chenhui Jin
Keyword(s):  
Block Cipher ◽  
Tweakable Block Cipher

Tweakable TWINE: Building a Tweakable Block Cipher on Generalized Feistel Structure

2019 ◽  
pp. 129-145 ◽  
Author(s):  
Kosei Sakamoto ◽  
Kazuhiko Minematsu ◽  
Nao Shibata ◽  
Maki Shigeri ◽  
Hiroyasu Kubo ◽  
...  
Keyword(s):  
Block Cipher ◽  
Tweakable Block Cipher ◽  
Feistel Structure

Elastic-Tweak: A Framework for Short Tweak Tweakable Block Cipher

2021 ◽  
pp. 114-137
Author(s):  
Avik Chakraborti ◽  
Nilanjan Datta ◽  
Ashwin Jha ◽  
Cuauhtemoc Mancillas-López ◽  
Mridul Nandi ◽  
...  
Keyword(s):  
Block Cipher ◽  
Tweakable Block Cipher
Sign in / Sign up

Export Citation Format

Share Document