scholarly journals New Constructions of MACs from (Tweakable) Block Ciphers

2017 ◽  
pp. 27-58 ◽  
Author(s):  
Benoît Cogliati ◽  
Jooyoung Lee ◽  
Yannick Seurin
Keyword(s):  
Block Cipher ◽  
Block Ciphers ◽  
Message Authentication ◽  
Authentication Codes ◽  
Ideal Cipher ◽  
The Standard Model ◽  
Tweakable Block Cipher ◽  
Ideal Cipher Model ◽  
Provably Secure ◽  
The Ideal

We propose new constructions of Message Authentication Codes (MACs) from tweakable or conventional block ciphers. Our new schemes are either stateless and deterministic, nonce-based, or randomized, and provably secure either in the standard model for tweakable block cipher-based ones, or in the ideal cipher model for block cipher-based ones. All our constructions are very efficient, requiring only one call to the underlying (tweakable) block cipher in addition to universally hashing the message. Moreover, the security bounds we obtain are quite strong: they are beyond the birthday bound, and nonce-based/randomized variants provide graceful security degradation in case of misuse, i.e., the security bound degrades linearly with the maximal number of repetitions of nonces/random values.

scholarly journals Duel of the Titans: The Romulus and Remus Families of Lightweight AEAD Algorithms

2020 ◽  
pp. 43-120
Author(s):  
Tetsu Iwata ◽  
Mustafa Khairallah ◽  
Kazuhiko Minematsu ◽  
Thomas Peyrin
Keyword(s):  
Block Cipher ◽  
Computationally Efficient ◽  
Ideal Cipher ◽  
The Standard Model ◽  
Large Memory ◽  
Tweakable Block Cipher ◽  
State Size ◽  
Ideal Cipher Model ◽  
Efficiency Rate ◽  
The Ideal

In this article, we propose two new families of very lightweight and efficient authenticated encryption with associated data (AEAD) modes, Romulus and Remus, that provide security beyond the birthday bound with respect to the block-length n. The former uses a tweakable block cipher (TBC) as internal primitive and can be proven secure in the standard model. The later uses a block cipher (BC) as internal primitive and can be proven secure in the ideal cipher model. Both our modes allow to switch very easily from the nonce-respecting to the nonce-misuse scenario.Previous constructions, such as ΘCB3, are quite computationally efficient, yet needing a large memory for implementation, which makes them unsuitable for platforms where lightweight cryptography should play a key role. Romulus and Remus break this barrier by introducing a new architecture evolved from a BC mode COFB. They achieve the best of what can be possible with TBC – the optimal computational efficiency (rate-1 operation) and the minimum state size of a TBC mode (i.e., (n + t)-bit for n-bit block, t-bit tweak TBC), with almost equivalent provable security as ΘCB3. Actually, our comparisons show that both our designs present superior performances when compared to all other recent lightweight AEAD modes, being BC-based, TBC-based or sponge-based, in the nonce-respecting or nonce-misuse scenario. We eventually describe how to instantiate Romulus and Remus modes using the Skinny lightweight tweakable block cipher proposed at CRYPTO 2016, including the hardware implementation results

A Method for Security Estimation of the Spn-Based Block Cipher Against Related-Key Attacks

2014 ◽  
Vol 60 (1) ◽  
pp. 25-45 ◽  
Author(s):  
Dmytro Kaidalov ◽  
Roman Oliynykov ◽  
Oleksandr Kazymyrov
Keyword(s):  
Block Cipher ◽  
Block Ciphers ◽  
Message Authentication ◽  
Brute Force ◽  
Symmetric Encryption ◽  
Authentication Codes ◽  
Cryptographic Primitives ◽  
Encryption Algorithms ◽  
Brute Force Attack ◽  
Symmetric Block

Abstract Symmetric block ciphers are the most widely used cryptographic primitives. In addition to providing privacy, block ciphers are used as basic components in the construction of hash functions, message authentication codes, pseudorandom number generators, as a part of various cryptographic protocols, etc. Nowadays the most popular block cipher is AES (Advanced Encryption Standard). It is used as a standard of symmetric encryption in many countries. Several years ago it was found a theoretical attack exploiting the AES key expansion algorithm that allows reducing significantly the complexity comparing to the brute force attack. This article presents an advanced method of finding the number of active substitutions that helps to estimate the security of encryption algorithms against related-key attacks. The method was applied to a prospective block cipher, which is a candidate for the Ukrainian standard

scholarly journals Block Cipher in the Ideal Cipher Model: A Dedicated Permutation Modeled as a Black-Box Public Random Permutation

Symmetry ◽  
2019 ◽  
Vol 11 (12) ◽  
pp. 1485
Author(s):  
Yasir Nawaz ◽  
Lei Wang
Keyword(s):  
Block Cipher ◽  
Random Permutation ◽  
Secret Key ◽  
Pseudorandom Permutation ◽  
Ideal Cipher ◽  
Xor Operation ◽  
Beyond Birthday Bound ◽  
Symmetric Key Cryptography ◽  
Ideal Cipher Model ◽  
The Ideal

Designing a secure construction has always been a fascinating area for the researchers in the field of symmetric key cryptography. This research aimed to make contributions to the design of secure block cipher in the ideal cipher model whose underlying primitive is a family of n − b i t to n − b i t random permutations indexed by secret key. Our target construction of a secure block ciphers denoted as E [ s ] is built on a simple XOR operation and two block cipher invocations, under the assumptions that the block cipher in use is a pseudorandom permutation. One out of these two block cipher invocations produce a subkey that is derived from the secret key. It has been accepted that at least two block cipher invocations with XOR operations are required to achieve beyond birthday bound security. In this paper, we investigated the E [ s ] instances with the advanced proof technique and efficient block cipher constructions that bypass the birthday-bound up to 2 n provable security was achieved. Our study provided new insights to the block cipher that is beyond birthday bound security.

scholarly journals Cryptanalysis of PMACx, PMAC2x, and SIVx

2017 ◽  
pp. 162-176
Author(s):  
Kazuhiko Minematsu ◽  
Tetsu Iwata
Keyword(s):  
Provable Security ◽  
Block Cipher ◽  
Query Complexity ◽  
Block Length ◽  
Encryption Scheme ◽  
Authenticated Encryption ◽  
Pseudorandom Functions ◽  
Tweakable Block Cipher ◽  
Deterministic Authenticated Encryption ◽  
Provably Secure

At CT-RSA 2017, List and Nandi proposed two variable input length pseudorandom functions (VI-PRFs) called PMACx and PMAC2x, and a deterministic authenticated encryption scheme called SIVx. These schemes use a tweakable block cipher (TBC) as the underlying primitive, and are provably secure up to the query complexity of 2n, where n denotes the block length of the TBC. In this paper, we falsify the provable security claims by presenting concrete attacks. We show that with the query complexity of O(2n/2), i.e., with the birthday complexity, PMACx, PMAC2x, and SIVx are all insecure.

New Developments in Quasigroup-Based Cryptography

2014 ◽  
pp. 286-317 ◽  
Author(s):  
Aleksandra Mileva
Keyword(s):  
Building Blocks ◽  
Block Ciphers ◽  
Public Key ◽  
Message Authentication ◽  
Authentication Codes ◽  
New Developments ◽  
Identification Schemes ◽  
Public Key Cryptosystems ◽  
Research Activities ◽  
The Given

This chapter offers an overview of new developments in quasigroup-based cryptography, especially of new defined quasigroup-based block ciphers and stream ciphers, hash functions and message authentication codes, PRNGs, public key cryptosystems, etc. Special attention is given to Multivariate Quadratic Quasigroups (MQQs) and MQQ public key schemes, because of their potential to become one of the most efficient pubic key algorithms today. There are also directions of using MQQs for building Zero knowledge ID-based identification schemes. Recent research activities show that some existing non-quasigroup block ciphers or their building blocks can be represented by quasigroup string transformations. There is a method for generating optimal 4x4 S-boxes by quasigroups of order 4, by which a more optimized hardware implementation of the given S-box can be obtained. Even some block ciphers' modes of operations can be represented by quasigroup string transformations, which leads to finding weaknesses in the interchanged use of these modes.

scholarly journals Cryptography with Disposable Backdoors

Cryptography ◽  
2019 ◽  
Vol 3 (3) ◽  
pp. 22
Author(s):  
Kai-Min Chung ◽  
Marios Georgiou ◽  
Ching-Yi Lai ◽  
Vassilis Zikas
Keyword(s):  
Quantum Computation ◽  
Good Reason ◽  
Message Authentication ◽  
Public Key Encryption ◽  
Authentication Codes ◽  
Digital World ◽  
Trusted Hardware ◽  
Single Use ◽  
Generic Transformation ◽  
Provably Secure

Backdooring cryptographic algorithms is an indisputable taboo in the cryptographic literature for a good reason: however noble the intentions, backdoors might fall in the wrong hands, in which case security is completely compromised. Nonetheless, more and more legislative pressure is being produced to enforce the use of such backdoors. In this work we introduce the concept of disposable cryptographic backdoors which can be used only once and become useless after that. These exotic primitives are impossible in the classical digital world without stateful and secure trusted hardware support, but, as we show, are feasible assuming quantum computation and access to classical stateless hardware tokens. Concretely, we construct a disposable (single-use) version of message authentication codes, and use them to derive a black-box construction of stateful hardware tokens in the above setting with quantum computation and classical stateless hardware tokens. This can be viewed as a generic transformation from stateful to stateless tokens and enables, among other things, one-time programs and memories. This is to our knowledge the first provably secure construction of such primitives from stateless tokens. As an application of disposable cryptographic backdoors we use our constructed primitive above to propose a middle-ground solution to the recent legislative push to backdoor cryptography: the conflict between Apple and FBI. We show that it is possible for Apple to create a one-time backdoor which unlocks any single device, and not even Apple can use it to unlock more than one, i.e., the backdoor becomes useless after it is used. We further describe how to use our ideas to derive a version of CCA-secure public key encryption, which is accompanied with a disposable (i.e., single-use, as in the above scenario) backdoor.

Sign in / Sign up

Export Citation Format

Share Document