scholarly journals Beyond-Birthday-Bound Secure Cryptographic Permutations from Ideal Ciphers with Long Keys

2020 ◽  
pp. 68-92 ◽  
Author(s):  
Ryota Nakamichi ◽  
Tetsu Iwata
Keyword(s):  
Beyond Birthday Bound ◽  
Security Bound

Coron et al. showed a construction of a 3-round 2n-bit cryptographic permutation from three independent n-bit ideal ciphers with n-bit keys (TCC 2010). Guo and Lin showed a construction of a (2d − 1)-round dn-bit cryptographic permutation from 2d − 1 independent n-bit ideal ciphers with kn-bit keys, where d = k + 1 (Cryptography and Communications, 2015). These constructions have an indifferentiability security bound of O(q2/2n) against adversaries that make at most q queries. The bound is commonly referred to as birthday-bound security. In this paper, we show that a 5-round version of Coron et al.’s construction and (2d+1)-round version of Guo and Lin’s construction yield a cryptographic permutation with an indifferentiability security bound of O(q2/22n), i.e., by adding two more rounds, these constructions have beyond-birthday-bound security. Furthermore, under the assumption that q ≤ 2n, we show that Guo and Lin’s construction with 2d+2l−1 rounds yields a cryptographic permutation with a security bound of O(q2/2(l+1)n), where 1 ≤ l ≤ d − 1, i.e., the security bound exponentially improves by adding every two more rounds, up to 4d − 3 rounds. To the best of our knowledge, our result gives the first cryptographic permutation that is built from n-bit ideal ciphers and has a full n-bit indifferentiability security bound.

scholarly journals Almost-Minimal-Round BBB-Secure Tweakable Key-Alternating Feistel Block Cipher

Symmetry ◽  
2021 ◽  
Vol 13 (4) ◽  
pp. 649
Author(s):  
Ming Jiang ◽  
Lei Wang
Keyword(s):  
Block Cipher ◽  
Security Proof ◽  
Tweakable Block Cipher ◽  
Beyond Birthday Bound ◽  
Security Bound

This paper focuses on designing a tweakable block cipher via by tweaking the Key-Alternating Feistel (KAF for short) construction. Very recently Yan et al. published a tweakable KAF construction. It provides a birthday-bound security with 4 rounds and Beyond-Birthday-Bound (BBB for short) security with 10 rounds. Following their work, we further reduce the number of rounds in order to improve the efficiency while preserving the same level of security bound. More specifically, we rigorously prove that 6-round tweakable KAF cipher is BBB- secure. The main technical contribution is presenting a more refined security proof framework, which makes significant efforts to deal with several subtle and complicated sub-events. Note that Yan et al. showed that 4-round KAF provides exactly Birthday-Bound security by a concrete attack. Thus, 6 rounds are (almost) minimal rounds to achieve BBB security for tweakable KAF construction.

scholarly journals Lightweight Authenticated Encryption Mode of Operation for Tweakable Block Ciphers

2019 ◽  
pp. 66-94
Author(s):  
Yusuke Naito ◽  
Takeshi Sugawara
Keyword(s):  
Block Ciphers ◽  
Block Length ◽  
Authenticated Encryption ◽  
Small Block ◽  
Mode Of Operation ◽  
Common Strategy ◽  
Length Data ◽  
Beyond Birthday Bound ◽  
Data Length ◽  
Security Bound

The use of a small block length is a common strategy when designing lightweight (tweakable) block ciphers (TBCs), and several 64-bit primitives have been proposed. However, when such a 64-bit primitive is used for an authenticated encryption with birthday-bound security, it has only 32-bit data complexity, which is subject to practical attacks. To employ a short block length without compromising security, we propose PFB, a lightweight TBC-based authenticated encryption with associated data mode, which achieves beyond-birthday-bound security. For this purpose, we extend iCOFB, which is originally defined with a tweakable random function. Unlike iCOFB, the proposed method can be instantiated with a TBC using a fixed tweak length and can handle variable-length data. Moreover, its security bound is improved and independent of the data length; this improves the key lifetime, particularly in lightweight blocks with a small size. The proposed method also covers a broader class of feedback functions because of the generalization presented in our proof. We evaluate the concrete hardware performances of PFB, which benefits from the small block length and shows particularly good performances in threshold implementation.

scholarly journals Iterative Block Ciphers from Tweakable Block Ciphers with Long Tweaks

2020 ◽  
pp. 54-80
Author(s):  
Ryota Nakamichi ◽  
Tetsu Iwata
Keyword(s):  
Block Cipher ◽  
Block Ciphers ◽  
Simple Iteration ◽  
Tweakable Block Cipher ◽  
Beyond Birthday Bound ◽  
Security Bound

We consider a problem of constructing a secure block cipher from a tweakable block cipher (TBC) with long tweaks. Given a TBC with n-bit blocks and Γn-bit tweaks for Γ ≥ 1, one of the constructions by Minematsu in DCC 2015 shows that a simple iteration of the TBC for 3d rounds yields a block cipher with dn-bit blocks that is secure up to 2dn/2 queries, where d = Γ + 1. In this paper, we show three results.1. Iteration of 3d − 2 rounds is enough for the security up to 2dn/2 queries, i.e., the security remains the same even if we reduce the number of rounds by two.2. When the number of queries is limited to 2n, d+1 rounds are enough, and with d + l rounds for 1 ≤ l ≤ d − 1, the security bound improves as l grows.3. A d-round construction gives a block cipher secure up to 2n/2 queries, i.e., it achieves the classical birthday-bound security. Our results show that a block cipher with beyond-birthday-bound (BBB) security (with respect to n) is obtained as low as d + 1 rounds, and we draw the security spectrum of d + l round version in the range of 1 ≤ l ≤ d−1 and l = 2d−2 for BBB security, and l = 0 for birthday-bound security.

scholarly journals Rejection Sampling Revisit: How to Choose Parameters in Lattice-Based Signature

2021 ◽  
Vol 2021 ◽  
pp. 1-12
Author(s):  
Zhongxiang Zheng ◽  
Anyu Wang ◽  
Lingyue Qin
Keyword(s):  
Uniform Distribution ◽  
Sampling Theorem ◽  
New Method ◽  
Security Level ◽  
Rejection Sampling ◽  
Forgery Attack ◽  
Rejection Probability ◽  
Standardization Process ◽  
Security Levels ◽  
Security Bound

Rejection sampling technology is a core tool in the design of lattice-based signatures with ‘Fiat–Shamir with Aborts’ structure, and it is related to signing efficiency and signature, size as well as security. In the rejection sampling theorem proposed by Lyubashevsky, the masking vector of rejection sampling is chosen from discrete Gaussian distribution. However, in practical designs, the masking vector is more likely to be chosen from bounded uniform distribution due to better efficiency and simpler implementation. Besides, as one of the third-round candidate signatures in the NIST postquantum cryptography standardization process, the 3rd round version of CRYSTALS-Dilithium has proposed a new method to decrease the rejection probability in order to achieve better efficiency and smaller signature size by decreasing the number of nonzero coefficients of the challenge polynomial according to the security levels. However, it is seen that small entropies in this new method may lead to higher risk of forgery attack compared with former schemes proposed in its 2nd version. Thus, in this paper, we first analyze the complexity of forgery attack for small entropies and then introduce a new method to decrease the rejection probability without loss of security including the security against forgery attack. This method is achieved by introducing a new rejection sampling theorem with tighter bound by utilizing Rényi divergence where masking vector follows uniform distribution. By observing large gaps between the security claim and actual security bound in CRYSTALS-Dilithium, we propose two series of adapted parameters for CRYSTALS-Dilithium. The first set can improve the efficiency of the signing process in CRYSTALS-Dilithium by factors of 61.7 %  and  41.7 % , according to the security levels, and ensure the security against known attacks, including forgery attack. And, the second set can reduce the signature size by a factor of 14.09 % with small improvements in efficiency at the same security level.

Probably Secure Keyed-Function Based Authenticated Encryption Schemes for Big Data

2017 ◽  
Vol 28 (06) ◽  
pp. 661-682
Author(s):  
Rashed Mazumder ◽  
Atsuko Miyaji ◽  
Chunhua Su
Keyword(s):  
Big Data ◽  
Research Area ◽  
Security Model ◽  
Authenticated Encryption ◽  
Big Data Applications ◽  
Critical Issues ◽  
Encryption Schemes ◽  
Big Data Application ◽  
Probabilistic Encryption ◽  
Security Bound

Security, privacy and data integrity are the critical issues in Big Data application of IoT-enable environment and cloud-based services. There are many upcoming challenges to establish secure computations for Big Data applications. Authenticated encryption (AE) plays one of the core roles for Big Data’s confidentiality, integrity, and real-time security. However, many proposals exist in the research area of authenticated encryption. Generally, there are two concepts of nonce respect and nonce reuse under the security notion of the AE. However, recent studies show that nonce reuse needs to sacrifice security bound of the AE. In this paper, we consider nonce respect scheme and probabilistic encryption scheme which are more efficient and suitable for big data applications. Both schemes are based on keyed function. Our first scheme (FS) operates in parallel mode whose security is based on nonce respect and supports associated data. Furthermore, it needs less call of functions/block-cipher. On the contrary, our second scheme is based on probabilistic encryption. It is expected to be a light solution because of weaker security model construction. Moreover, both schemes satisfy reasonable privacy security bound.

Sign in / Sign up

Export Citation Format

Share Document