Tweakable Blockciphers for Efficient Authenticated Encryptions with Beyond the Birthday-Bound Security

Author(s):  
Yusuke Naito

Modular design via a tweakable blockcipher (TBC) offers efficient authenticated encryption (AE) schemes (with associated data) that call a blockcipher once for each data block (of associated data or a plaintext). However, the existing efficient blockcipher-based TBCs are secure up to the birthday bound, where the underlying keyed blockcipher is a secure strong pseudorandom permutation. Existing blockcipher-based AE schemes with beyond-birthday-bound (BBB) security are not efficient, that is, a blockcipher is called twice or more for each data block. In this paper, we present a TBC, XKX, that offers efficient blockcipher-based AE schemes with BBB security, by combining with efficient TBC-based AE schemes such as ΘCB3 and

In this paper, the hardware design of a low-area and high-throughput ChaCha20-Poly1305 that performs the dual authentication-encryption function for secured communication within hardware devices is presented. The cryptographic algorithms ChaCha20 stream cipher and Poly1305 enhance security margins and achieve higher performance measures on a wide range of software platforms, and have proven superior to their counterpart, the AES, in the software domain. This relatively new stream cipher, compared to the benchmark AES, has recently been standardized, but its implementations in hardware have had very little to not very desirable results, particularly in terms of area. For this reason, it is an active field to make such algorithms hardware friendly. This research presents a compact, low-area and high-throughput ChaCha20-Poly1305 Authenticated Encryption with Associated Data (AEAD) design. The core architecture consists of the ChaCha20-Poly1305 algorithm. The simplified quarter round designed in the proposed architecture uses the addition, rotation and exclusive-or operators (gates). This proposed architecture provides an improvement in the operating frequency and area. The architecture was modeled and simulated with Verilog HDL and ModelSim tools for functional and timing correctness. The hardware architecture designed was synthesized with Xilinx's Synthesis Tool (XST) and Synopsys' Design Compiler (DC) using the 0.18 µm CMOS standard cell library. The resulting hardware area in terms of gate equivalents is approximately 11 KGE for ChaCha20 and 21 KGE for Poly1305. The design operates at a maximum frequency of 420 MHz and 870 MHz for ChaCha20 and Poly1305 respectively. The proposed design presented in this paper additionally functions at a throughput of approximately 8 Gbps for ChaCha20 with an overall efficiency of 2.35 Kbps/GE when ChaCha20 and Poly1305 are combined into the AEAD_ChaCha20_Poly1305 authenticated encryption core.


Author(s):  
Yu Long Chen
Atul Luykx
Bart Mennink
Bart Preneel

We present a length doubler, LDT, that turns an n-bit tweakable block cipher into an efficient and secure cipher that can encrypt any bit string of length [n..2n − 1]. The LDT mode is simple, uses only two cryptographic primitive calls (while prior work needs at least four), and is a strong length-preserving pseudorandom permutation if the underlying tweakable block ciphers are strong tweakable pseudorandom permutations. We demonstrate that LDT can be used to neatly turn an authenticated encryption scheme for integral data into a mode for arbitrary-length data.


Author(s):  
Tetsu Iwata
Kazuhiko Minematsu

At CCS 2015, Gueron and Lindell proposed GCM-SIV, a provably secure authenticated encryption scheme that remains secure even if the nonce is repeated. While this is an advantage over the original GCM, we first point out that GCM-SIV allows a trivial distinguishing attack with about 2^48 queries, where each query has one plaintext block. This shows the tightness of the security claim and does not contradict the provable security result. However, the original GCM resists the attack, and this poses a question of designing a variant of GCM-SIV that is secure against the attack. We present a minor variant of GCM-SIV, which we call GCM-SIV1, and discuss that GCM-SIV1 resists the attack, and it offers a security trade-off compared to GCM-SIV. As the main contribution of the paper, we explore a scheme with a stronger security bound. We present GCM-SIV2 which is obtained by running two instances of GCM-SIV1 in parallel and mixing them in a simple way. We show that it is secure up to 2^85.3 query complexity, where the query complexity is measured in terms of the total number of blocks of the queries. Finally, we generalize this to show GCM-SIVr by running r instances of GCM-SIV1 in parallel, where r ≥ 3, and show that the scheme is secure up to 2^(128r/(r+1)) query complexity. The provable security results are obtained under the standard assumption that the blockcipher is a pseudorandom permutation.


Symmetry, 2021, Vol 13 (12), pp. 2432
Author(s):  
Nabil Abdoun
Safwan El Assad
Thang Manh Hoang
Olivier Deforges
Rima Assaf
...

In this paper, we propose, implement and analyze an Authenticated Encryption with Associated Data Scheme (AEADS) based on the Modified Duplex Construction (MDC) that contains a chaotic compression function (CCF) based on our chaotic neural network revised (CNNR). Unlike the standard duplex construction (SDC), in the MDC there are two phases: the initialization phase and the duplexing phase, each containing a CNNR formed by a neural network with a single layer, followed by a set of non-linear functions. The MDC is implemented with two variants of width, i.e., 512 and 1024 bits. We tested our proposed scheme against the different cryptanalytic attacks. In fact, we evaluated the key and the message sensitivity, the collision resistance analysis and the diffusion effect. Additionally, we tested our proposed AEADS using the different statistical tests such as NIST, histogram, chi-square, entropy, and correlation analysis. The experimental results obtained on the security performance of the proposed AEADS system are notable and the proposed system can then be used to protect data and authenticate their sources.


Author(s):  
Benoît Cogliati
Jordan Ethan
Virginie Lallemand
Byeonghak Lee
Jooyoung Lee
...

In this work, we propose a construction of 2-round tweakable substitution-permutation networks using a single secret S-box. This construction is based on non-linear permutation layers using independent round keys, and achieves security beyond the birthday bound in the random permutation model. When instantiated with an n-bit block cipher with ωn-bit keys, the resulting tweakable block cipher, dubbed CTET+, can be viewed as a tweakable enciphering scheme that encrypts ωκ-bit messages for any integer ω ≥ 2 using 5n + κ-bit keys and n-bit tweaks, providing 2n/3-bit security. Compared to the 2-round non-linear SPN analyzed in [CDK+18], we both minimize it by requiring a single permutation, and weaken the requirements on the middle linear layer, allowing better performance. As a result, CTET+ becomes the first tweakable enciphering scheme that provides beyond-birthday-bound security using a single permutation, while its efficiency is still comparable to existing schemes including AES-XTS, EME, XCB and TET. Furthermore, we propose a new tweakable enciphering scheme, dubbed AES6-CTET+, which is an actual instantiation of CTET+ using a reduced-round AES block cipher as the underlying secret S-box. Extensive cryptanalysis of this algorithm allows us to claim 127 bits of security. Such tweakable enciphering schemes with huge block sizes become desirable in the context of disk encryption, since processing a whole sector as a single block significantly worsens the granularity for attackers when compared to, for example, AES-XTS, which treats every 16-byte block on the disk independently. Besides, as a huge amount of data is being stored and encrypted at rest under many different keys in clouds, beyond-birthday-bound security will most likely become necessary in the short term.


Author(s):  
Colin Chaigneau
Thomas Fuhr
Henri Gilbert
Jérémy Jean
Jean-René Reinhard

NORX is an authenticated encryption scheme with associated data being publicly scrutinized as part of the ongoing CAESAR competition, where 14 other primitives are also competing. It is based on the sponge construction and relies on a simple permutation that allows efficient and versatile implementations. Thanks to research on the security of the sponge construction, the design of NORX, whose permutation is inspired by the permutations used in BLAKE and ChaCha, has evolved throughout three main versions (v1.0, v2.0 and v3.0). In this paper, we investigate the security of the full NORX v2.0 primitive that has been accepted as a third-round candidate in the CAESAR competition. We show that some non-conservative design decisions probably motivated by implementation efficiency considerations result in at least one strong structural distinguisher of the underlying sponge permutation that can be turned into an attack on the full primitive. This attack yields a ciphertext-only forgery with time and data complexity 2^66 (resp. 2^130) for the variant of NORX v2.0 using 128-bit (resp. 256-bit) keys and breaks the designers' claim of 128-bit, resp. 256-bit security. Furthermore, we show that this forgery attack can be extended to a key-recovery attack on the full NORX v2.0 with the same time and data complexities. We have implemented and experimentally verified the correctness of the attacks on a toy version of NORX. We emphasize that the scheme has recently been tweaked to NORX v3.0 at the beginning of the third round of the CAESAR competition: the main change introduces some key-dependent internal operations, which make NORX v3.0 immune to our attacks. However, the structural distinguisher of the permutation persists.

