Abstract
The INT-RUP security of an authenticated encryption (AE) scheme is a well studied problem which deals with the integrity security of an AE scheme in the setting of releasing unverified plaintext model. Popular INT-RUP secure constructions either require a large state (e.g. GCM-RUP, LOCUS, Oribatida) or employ a two-pass mode (e.g. MONDAE) that does not allow on-the-fly data processing. This motivates us to turn our attention to feedback type AE constructions that allow small state implementation as well as on-the-fly computation capability. In CT-RSA 2016, Chakraborti et al. have demonstrated a generic INT-RUP attack on rate-1 block cipher based feedback type AE schemes. Their results inspire us to study about feedback type AE constructions at a reduced rate. In this paper, we consider two such recent designs, SAEB and TinyJAMBU and we analyze their integrity security in the setting of releasing unverified plaintext model. We found an INT-RUP attack on SAEB with roughly \(2^{32}\) decryption queries. However, the concrete analysis shows that if we reduce its rate to 32 bits, SAEB achieves the desired INT-RUP security bound without any additional overhead. Moreover, we have also analyzed TinyJAMBU, one of the finalists of the NIST LwC, and found it to be INT-RUP secure. To the best of our knowledge, this is the first work reporting the INT-RUP security analysis of the block cipher based single state, single pass, on-the-fly, inverse-free authenticated ciphers.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
Some inverse-free modes are not sequential, e.g., CTR, OTR, GCM etc.
- 2.
rate is defined as the inverse of the number of block cipher calls required to process a single block of message, where a block refers to the block size of the block cipher.
- 3.
GCM-RUP [9] also achieves inverse-free, INT-RUP security and on-the-fly decryption property but it requires two pass.
- 4.
Security bound of the SAEB is moot if the number of encryption blocks exceeds \(2^{32}\).
References
Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC. NIST Special Publication 800-38D. National Institute of Standards and Technology (2007)
AlTawy, R., Gong, G., He, M., Jha, A., Mandal, K., Nandi, M., Rohit, R.; SpoC: an authenticated cipher submission to the NIST LWC competition (2019). https://csrc.nist.gov/projects/lightweight-cryptography/round-2-candidates
Andreeva, E., Bhati, A.S., Vizar, D.: Nonce-misuse security of the SAEF authenticated encryption mode. Cryptology ePrint Archive, Report 2020/1524 (2020)
Andreeva, E., Bhati, A.S., Vizar, D.: Rup security of the SAEF authenticated encryption mode. Cryptology ePrint Archive, Report 2021/103 (2021)
Andreeva, E., et al.: COLM v1. CAESAR Competition
Andreeva, E., Bogdanov, A., Luykx, A., Mennink, B., Mouha, N., Yasuda, K.: How to securely release unverified plaintext in authenticated encryption. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8873, pp. 105–125. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-45611-8_6
Andreeva, E., Bogdanov, A., Luykx, A., Mennink, B., Tischhauser, E., Yasuda, K.: AES-COPA, vol 2. Submission to CAESAR (2015). https://competitions.cr.yp.to/round2/aescopav2.pdf
Andreeva, E., Lallemand, V., Purnal, A., Reyhanitabar, R., Roy, A., Vizár, D.: Forkcipher: a new primitive for authenticated encryption of very short messages. In: Galbraith, S.D., Moriai, S. (eds.) ASIACRYPT 2019. LNCS, vol. 11922, pp. 153–182. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-34621-8_6
Ashur, T., Dunkelman, O., Luykx, A.: Boosting authenticated encryption robustness with minimal modifications. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10403, pp. 3–33. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63697-9_1
Banik, S., Bogdanov, A., Luykx, A., Tischhauser, E.: Sundae: small universal deterministic authenticated encryption for the internet of things. IACR Trans. Symmetric Cryptol. 3, 2018 (2018)
Beierle, C., et al.: SKINNY-AEAD and skinny-hash. IACR Trans. Symmetric Cryptol. 2020(S1), 88–131 (2020)
Bellare, M., Rogaway, P.: The security of triple encryption and a framework for code-based game-playing proofs. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 409–426. Springer, Heidelberg (2006). https://doi.org/10.1007/11761679_25
Bhattacharjee, A., López, C.M., List, E., Nandi, M.: The oribatida v1.3 family of lightweight authenticated encryption schemes. J. Math. Cryptol. 15(1) (2021)
CAESAR: Competition for Authenticated Encryption: Security, Applicability, and Robustness (2014). http://competitions.cr.yp.to/caesar.html
Chakraborti, A., Datta, N., Jha, A., Mancillas-López, C., Nandi, M., Sasaki, Yu.: INT-RUP secure lightweight parallel AE modes. IACR Trans. Symmetric Cryptol. 2019(4), 81–118 (2019)
Chakraborti, A., Datta, N., Jha, A., Mitragotri, S., Nandi, M.: From combined to hybrid: Making feedback-based AE even smaller. IACR Trans. Symmetric Cryptol. 2020(S1), 417–445 (2020)
Chakraborti, A., Datta, N., Nandi, M.: INT-RUP analysis of block-cipher based authenticated encryption schemes. In: Sako, K. (ed.) CT-RSA 2016. LNCS, vol. 9610, pp. 39–54. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-29485-8_3
Chakraborti, A., Datta, N., Nandi, M., Yasuda, K.: Beetle family of lightweight and secure authenticated encryption ciphers. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2018(2), 218–241 (2018)
Chakraborti, A., Iwata, T., Minematsu, K., Nandi, M.: Blockcipher-based authenticated encryption: how small can we go? In: CHES 2017, Proceedings, pp. 277–298 (2017)
Chang, D., et al.: Release of unverified plaintext: tight unified model and application to ANYDAE. IACR Trans. Symmetric Cryptol. 2019(4), 119–146 (2019)
Chang, D., Nandi, M.: A short proof of the PRP/PRF switching lemma. IACR Cryptol. ePrint Arch. 2008, 78 (2008)
Datta, N., Dutta, A., Ghosh, S.: INT-RUP security of SAEB and tinyjambu. Cryptology ePrint Archive, Paper 2022/1414 (2022). https://eprint.iacr.org/2022/1414
Datta, N., Luykx, A., Mennink, B., Nandi, M.: Understanding RUP integrity of COLM. IACR Trans. Symmetric Cryptol. 2017(2), 143–161 (2017)
Dobraunig, C., Eichlseder, M., Mendel, F., Schläffer, M.: Ascon v1.2. Submission to CAESAR (2016). https://competitions.cr.yp.to/round3/asconv12.pdf
Dunkelman, O., Lambooij, E., Ghosh, S.: Practical related-key forgery attacks on the full tinyjambu-192/256. Cryptology ePrint Archive, Paper 2022/1122 (2022)
Iwata, T., Khairallah, M., Minematsu, K., Peyrin, T.: Duel of the titans: the romulus and remus families of lightweight AEAD algorithms. IACR Trans. Symmetric Cryptol. 2020(1), 43–120 (2020)
Iwata, T., Minematsu, K., Guo, J., Morioka, S., Kobayashi, E.: CAESAR Candidate CLOC. DIAC (2014)
Jean, J., Nikolic, I., Peyrin, T., Seurin, Y.: The deoxys AEAD family. J. Cryptol. 34(3), 31 (2021)
McKay, K.A., Bassham, L., Turan, M.S., Mouha, N.: Report on lightweight cryptography (2017). http://nvlpubs.nist.gov/nistpubs/ir/2017/NIST.IR.8114.pdf
Minematsu, K.: AES-OTR v3.1. Submission to CAESAR (2016). https://competitions.cr.yp.to/round3/aesotrv31.pdf
Montes, M., Penazzi, D.: AES-CPFB v1. Submission to CAESAR (2015). https://competitions.cr.yp.to/round1/aescpfbv1.pdf
Naito, Y., Matsui, M., Sakai, Y., Suzuki, D., Sakiyama, K., Sugawara, T.: SAEAES: submission to NIST LwC (2019). https://csrc.nist.gov/CSRC/media/Projects/lightweight-cryptography/documents/round-2/spec-doc-rnd2/SAEAES-spec-round2.pdf
Naito, Y., Matsui, M., Sugawara, T., Suzuki, D.: SAEB: A lightweight blockcipher-based AEAD mode of operation. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2018(2), 192–217 (2018)
Patarin, J.: The “coefficients h” technique. In: Selected Areas in Cryptography, pp. 328–345 (2008)
Rogaway, P.: Efficient instantiations of tweakable blockciphers and refinements to modes OCB and PMAC. In: Lee, P.J. (ed.) ASIACRYPT 2004. LNCS, vol. 3329, pp. 16–31. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-30539-2_2
Sibleyras, F., Sasaki, Y., Todo, Y., Hosoyamada, A., Yasuda, K.: Birthday-bound slide attacks on TinyJAMBU’s keyed-permutations for all key sizes. In: Cheng, C.M., Akiyama, M. (eds.) IWSEC 2022. LNCS, vol. 13504, pp. 107–127. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-15255-9_6
Wu, H.: ACORN: a lightweight authenticated cipher (v3). Submission to CAESAR (2016). https://competitions.cr.yp.to/round3/acornv3.pdf
Wu, H., Huang, T.: The JAMBU lightweight authentication encryption mode (v2.1). Submission to CAESAR (2016). https://competitions.cr.yp.to/round3/jambuv21.pdf
Wu, H., Huang, T.: TinyJAMBU: a family of lightweight authenticated encryption algorithms: submission to NIST LwC (2019). https://csrc.nist.gov/CSRC/media/Projects/lightweight-cryptography/documents/finalist-round/updated-spec-doc/tinyjambu-spec-final.pdf
Zhang, L., Wu, W., Sui, H., Wang, P.: iFeed[AES] v1. Submission to CAESAR (2014). https://competitions.cr.yp.to/round1/ifeedaesv1.pdf
Zhang, P., Wang, P., Hu, H.: The INT-RUP security of OCB with intermediate (parity) checksum. IACR Cryptology ePrint Archive (2017). https://eprint.iacr.org/2016/1059.pdf
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Datta, N., Dutta, A., Ghosh, S. (2022). INT-RUP Security of SAEB and TinyJAMBU. In: Isobe, T., Sarkar, S. (eds) Progress in Cryptology – INDOCRYPT 2022. INDOCRYPT 2022. Lecture Notes in Computer Science, vol 13774. Springer, Cham. https://doi.org/10.1007/978-3-031-22912-1_7
Download citation
DOI: https://doi.org/10.1007/978-3-031-22912-1_7
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-22911-4
Online ISBN: 978-3-031-22912-1
eBook Packages: Computer ScienceComputer Science (R0)