scholarly journals Forking Tweakable Even-Mansour Ciphers

2020 ◽  
pp. 71-87
Author(s):  
Hwigyeom Kim ◽  
Yeongmin Lee ◽  
Jooyoung Lee
Keyword(s):  
Provable Security ◽  
Authenticated Encryption ◽  
Encryption Schemes ◽  
Permutation Model ◽  
The Ideal ◽  
Function Mapping ◽  
Short Messages

A forkcipher is a keyed, tweakable function mapping an n-bit input to a 2nbit output, which is equivalent to concatenating two outputs from two permutations. A forkcipher can be a useful primitive to design authenticated encryption schemes for short messages. A forkcipher is typically designed within the iterate-fork-iterate (IFI) paradigm, while the provable security of such a construction has not been widely explored.In this paper, we propose a method of constructing a forkcipher using public permutations as its building primitives. It can be seen as applying the IFI paradigm to the tweakable Even-Mansour ciphers. So our construction is dubbed the forked tweakable Even-Mansour (FTEM) cipher. Our main result is to prove that a (1, 1)-round FTEM cipher (applying a single-round TEM to a plaintext, followed by two independent copies of a single-round TEM) is secure up to 2 2n/3 queries in the ideal permutation model.

scholarly journals Security of Symmetric Primitives against Key-Correlated Attacks

2019 ◽  
pp. 193-230
Author(s):  
Aisling Connolly ◽  
Pooya Farshim ◽  
Georg Fuchsbauer
Keyword(s):  
Natural Transformation ◽  
Random Oracle Model ◽  
Random Permutation ◽  
Random Oracle ◽  
Dependent Data ◽  
Authenticated Encryption ◽  
Ideal Cipher ◽  
Permutation Model ◽  
Ideal Cipher Model ◽  
The Ideal

We study the security of symmetric primitives against key-correlated attacks (KCA), whereby an adversary can arbitrarily correlate keys, messages, and ciphertexts. Security against KCA is required whenever a primitive should securely encrypt key-dependent data, even when it is used under related keys. KCA is a strengthening of the previously considered notions of related-key attack (RKA) and key-dependent message (KDM) security. This strengthening is strict, as we show that 2-round Even–Mansour fails to be KCA secure even though it is both RKA and KDM secure. We provide feasibility results in the ideal-cipher model for KCAs and show that 3-round Even–Mansour is KCA secure under key offsets in the random-permutation model. We also give a natural transformation that converts any authenticated encryption scheme to a KCA-secure one in the random-oracle model. Conceptually, our results allow for a unified treatment of RKA and KDM security in idealized models of computation.

scholarly journals ESTATE: A Lightweight and Low Energy Authenticated Encryption Mode

2020 ◽  
pp. 350-389
Author(s):  
Avik Chakraborti ◽  
Nilanjan Datta ◽  
Ashwin Jha ◽  
Cuauhtemoc Mancillas-López ◽  
Mridul Nandi ◽  
...  
Keyword(s):  
Block Cipher ◽  
Primitive Element ◽  
Low Energy ◽  
Authenticated Encryption ◽  
Area Efficiency ◽  
Starting State ◽  
Encryption Schemes ◽  
Implementation Costs ◽  
Additional Circuitry ◽  
Short Messages

NIST has recently initiated a standardization project for efficient lightweight authenticated encryption schemes. SUNDAE, a candidate in this project, achieves optimal state size which results in low circuit overhead on top of the underlying block cipher. In addition, SUNDAE provides security in nonce-misuse scenario as well. However, in addition to the block cipher circuit, SUNDAE also requires some additional circuitry for multiplication by a primitive element. Further, it requires an additional block cipher invocation to create the starting state. In this paper, we propose a new lightweight and low energy authenticated encryption family, called ESTATE, that significantly improves the design of SUNDAE in terms of implementation costs (both hardware area and energy) and efficient processing of short messages. In particular, ESTATE does not require an additional multiplication circuit, and it reduces the number of block cipher calls by one. Moreover, it provides integrity security even under the release of unverified plaintext (or RUP) model. ESTATE is based on short-tweak tweakable block ciphers (or tBC, small ’t’ denotes short tweaks) and we instantiate it with two recently designed tBCs: TweAES and TweGIFT. We also propose a low latency variant of ESTATE, called sESTATE, that uses a round-reduced (6 rounds) variant of TweAES called TweAES-6. We provide comprehensive FPGA based hardware implementation for all the three instances. The implementation results depict that ESTATE_TweGIFT-128 (681 LUTs, 263 slices) consumes much lesser area as compared to SUNDAE_GIFT-128 (931 LUTs, 310 slices). When we moved to the AES variants, along with the area-efficiency (ESTATE_TweAES consumes 1901 LUTs, 602 slices while SUNDAE_AES-128 needs 1922 LUTs, 614 slices), we also achieve higher throughput for short messages (For 16-byte message, a throughput of 1251.10 and 945.36 Mbps for ESTATE_TweAES and SUNDAE_AES-128 respectively).

scholarly journals Cryptanalysis of PMACx, PMAC2x, and SIVx

2017 ◽  
pp. 162-176
Author(s):  
Kazuhiko Minematsu ◽  
Tetsu Iwata
Keyword(s):  
Provable Security ◽  
Block Cipher ◽  
Query Complexity ◽  
Block Length ◽  
Encryption Scheme ◽  
Authenticated Encryption ◽  
Pseudorandom Functions ◽  
Tweakable Block Cipher ◽  
Deterministic Authenticated Encryption ◽  
Provably Secure

At CT-RSA 2017, List and Nandi proposed two variable input length pseudorandom functions (VI-PRFs) called PMACx and PMAC2x, and a deterministic authenticated encryption scheme called SIVx. These schemes use a tweakable block cipher (TBC) as the underlying primitive, and are provably secure up to the query complexity of 2n, where n denotes the block length of the TBC. In this paper, we falsify the provable security claims by presenting concrete attacks. We show that with the query complexity of O(2n/2), i.e., with the birthday complexity, PMACx, PMAC2x, and SIVx are all insecure.

Exploiting the Leakage: Analysis of Some Authenticated Encryption Schemes

2016 ◽  
pp. 383-401 ◽  
Author(s):  
Donghoon Chang ◽  
Amit Kumar Chauhan ◽  
Naina Gupta ◽  
Arpan Jati ◽  
Somitra Kumar Sanadhya
Keyword(s):  
Authenticated Encryption ◽  
Encryption Schemes

An Additively Homomorphic Encryption over Large Message Space

2015 ◽  
Vol 10 (3) ◽  
pp. 82-102 ◽  
Author(s):  
Hu Chen ◽  
Yupu Hu ◽  
Zhizhu Lian ◽  
Huiwen Jia ◽  
Xu An Wang
Keyword(s):  
Homomorphic Encryption ◽  
Prime Numbers ◽  
Encryption Scheme ◽  
Fully Homomorphic Encryption ◽  
The Public ◽  
Real World Applications ◽  
Encryption Schemes ◽  
Setting Parameters ◽  
Message Space ◽  
The Ideal

Fully homomorphic encryption schemes available are not efficient enough to be practical, and a number of real-world applications require only that a homomorphic encryption scheme is somewhat homomorphic, even additively homomorphic and has much larger message space for efficiency. An additively homomorphic encryption scheme based heavily on Smart-Vercauteren encryption scheme (SV10 scheme, PKC 2010) is put forward, where both schemes each work with two ideals I and J. As a contribution of independent interest, a two-element representation of the ideal I is given and proven by factoring prime numbers in a number field. This two-element representation serves as the public key. The authors' scheme allows working over much larger message space than that of SV10 scheme by selecting the ideal I with larger decryption radius to generate public/private key pair, instead of choosing the ideal J as done in the SV10 scheme. The correctness and security of the scheme are shown, followed by setting parameters and computational results. The results indicate that this construction has much larger message space than SV10 scheme.

Authenticated encryption schemes with message linkages for message flows

2003 ◽  
Vol 29 (1) ◽  
pp. 101-109 ◽  
Author(s):  
Yuh-Min Tseng ◽  
Jinn-Ke Jan ◽  
Hung-Yu Chien
Keyword(s):  
Authenticated Encryption ◽  
Encryption Schemes

Probably Secure Keyed-Function Based Authenticated Encryption Schemes for Big Data

2017 ◽  
Vol 28 (06) ◽  
pp. 661-682
Author(s):  
Rashed Mazumder ◽  
Atsuko Miyaji ◽  
Chunhua Su
Keyword(s):  
Big Data ◽  
Research Area ◽  
Security Model ◽  
Authenticated Encryption ◽  
Big Data Applications ◽  
Critical Issues ◽  
Encryption Schemes ◽  
Big Data Application ◽  
Probabilistic Encryption ◽  
Security Bound

Security, privacy and data integrity are the critical issues in Big Data application of IoT-enable environment and cloud-based services. There are many upcoming challenges to establish secure computations for Big Data applications. Authenticated encryption (AE) plays one of the core roles for Big Data’s confidentiality, integrity, and real-time security. However, many proposals exist in the research area of authenticated encryption. Generally, there are two concepts of nonce respect and nonce reuse under the security notion of the AE. However, recent studies show that nonce reuse needs to sacrifice security bound of the AE. In this paper, we consider nonce respect scheme and probabilistic encryption scheme which are more efficient and suitable for big data applications. Both schemes are based on keyed function. Our first scheme (FS) operates in parallel mode whose security is based on nonce respect and supports associated data. Furthermore, it needs less call of functions/block-cipher. On the contrary, our second scheme is based on probabilistic encryption. It is expected to be a light solution because of weaker security model construction. Moreover, both schemes satisfy reasonable privacy security bound.

Sign in / Sign up

Export Citation Format

Share Document