Abstract
Recently, Andreeva et al. showed that online ciphers are actually equivalent to arbitrary tweak length (ATL) tweakable block ciphers (TBCs). Within this result they gave a security-preserving generic conversion from ATL TBCs to online ciphers. XTX by Minematsu and Iwata is a nice way of extending the tweak space of any fixed tweak length (FTL) TBC using a pAXU hash function. By combining the two methods one obtains an FTL TBC based online cipher with security of the order of σ²ε, where σ is the total number of blocks in all queries and ε is the pAXU bound of the underlying hash function. In this paper we show that there are genuine practical issues which render it almost impossible to get full security using this approach. We then observe that a recent online enciphering scheme called POEx by Forler et al. is actually an implicit example of this approach. We show a flaw in the analysis of POEx which results in a birthday bound attack and invalidates its beyond-the-birthday bound OSPRP security claim. We take a slightly different approach than the one just mentioned and propose XTC, which achieves OSPRP security of O(max(nσ²2^{−n}, σ²2^{−(n+t)})), where t is the tweak size and n is the block size. While doing so we present an impossibility result for t > n which may be of independent interest.
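To make the combination described in the abstract concrete, here is an added illustration in Python, written for this page and not code from the paper or from the XTX or POEx authors. It builds the prefix-tweak online cipher C_i = E'(M_1 … M_{i−1}, M_i) on top of the XTX tweak extension E'(T', M) = E(T, M ⊕ X) ⊕ X with (X, T) = H_L(T'). Assumptions, all ours: the FTL TBC E is a stand-in 4-round Feistel network with HMAC-SHA256 round functions (it only needs to be an invertible permutation for every tweak); H_L is a pair of independently keyed polynomial hashes over GF(2^128), kept in Horner form so the growing plaintext prefix is absorbed one block at a time, with the prefix length folded in as a final step; the names ToyTBC, XTXOnlineCipher and gf_mul are hypothetical. The example shows the online (prefix-preserving) structure and decryption; it says nothing about the security bounds or the attack the paper discusses, and it is not a secure implementation.

```python
import hashlib
import hmac

N = 16                      # block size in bytes (n = 128 bits); the toy TBC also takes a 128-bit tweak
MASK = (1 << 128) - 1


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def gf_mul(a, b):
    """Multiply two elements of GF(2^128), modulus x^128 + x^7 + x^2 + x + 1 (plain bit order)."""
    r = 0
    for _ in range(128):
        if b & 1:
            r ^= a
        b >>= 1
        carry = a >> 127
        a = (a << 1) & MASK
        if carry:
            a ^= 0x87
    return r


class ToyTBC:
    """Stand-in FTL TBC (our assumption, not from the paper): 4-round Feistel on 128-bit blocks,
    round function HMAC-SHA256(K, round || tweak || half). Every tweak gives a permutation."""

    def __init__(self, key):
        self.key = key

    def _f(self, rnd, tweak, half):
        return hmac.new(self.key, bytes([rnd]) + tweak + half, hashlib.sha256).digest()[:8]

    def enc(self, tweak, block):
        l, r = block[:8], block[8:]
        for rnd in range(4):
            l, r = r, xor(l, self._f(rnd, tweak, r))
        return l + r

    def dec(self, tweak, block):
        l, r = block[:8], block[8:]
        for rnd in reversed(range(4)):
            l, r = xor(r, self._f(rnd, tweak, l)), l
        return l + r


class XTXOnlineCipher:
    """C_i = E'(M_1..M_{i-1}, M_i) with E'(T', M) = E(T, M xor X) xor X, (X, T) = H_L(T').
    H_L here (our choice) is two independently keyed polynomial hashes over GF(2^128) whose
    Horner accumulators are updated block by block, so the prefix is never rehashed."""

    def __init__(self, key):
        assert len(key) == 48
        self.tbc = ToyTBC(key[:16])
        self.L1 = int.from_bytes(key[16:32], "big")   # key of the mask hash (X)
        self.L2 = int.from_bytes(key[32:48], "big")   # key of the tweak hash (T)

    def _tweak(self, r1, r2, k):
        # Fold the prefix length k in as a final Horner step so that prefixes of
        # different lengths map to different polynomials in L.
        x = gf_mul(r1 ^ k, self.L1).to_bytes(N, "big")
        t = gf_mul(r2 ^ k, self.L2).to_bytes(N, "big")
        return x, t

    def _absorb(self, r1, r2, block):
        m = int.from_bytes(block, "big")
        return gf_mul(r1 ^ m, self.L1), gf_mul(r2 ^ m, self.L2)

    def encrypt(self, msg):
        assert len(msg) % N == 0, "full blocks only (no padding in this demo)"
        out, r1, r2 = bytearray(), 0, 0
        for k in range(len(msg) // N):
            m = msg[k * N:(k + 1) * N]
            x, t = self._tweak(r1, r2, k)
            out += xor(self.tbc.enc(t, xor(m, x)), x)
            r1, r2 = self._absorb(r1, r2, m)      # prefix now includes M_{k+1}
        return bytes(out)

    def decrypt(self, ct):
        assert len(ct) % N == 0
        out, r1, r2 = bytearray(), 0, 0
        for k in range(len(ct) // N):
            c = ct[k * N:(k + 1) * N]
            x, t = self._tweak(r1, r2, k)
            m = xor(self.tbc.dec(t, xor(c, x)), x)
            out += m
            r1, r2 = self._absorb(r1, r2, m)      # next tweak uses the recovered prefix
        return bytes(out)


def prefix_blocks_in_common(a, b):
    """Number of leading N-byte blocks on which a and b agree."""
    n = 0
    while (n + 1) * N <= min(len(a), len(b)) and a[n * N:(n + 1) * N] == b[n * N:(n + 1) * N]:
        n += 1
    return n


if __name__ == "__main__":
    key = bytes(range(48))                      # constructed demo key
    oc = XTXOnlineCipher(key)
    m1 = bytes(range(64))                       # 4 blocks, constructed input
    m2 = m1[:32] + bytes(32)                    # same first 2 blocks, then different
    c1, c2 = oc.encrypt(m1), oc.encrypt(m2)
    assert oc.decrypt(c1) == m1 and oc.decrypt(c2) == m2
    print("ciphertext blocks in common:", prefix_blocks_in_common(c1, c2))
```

Two messages that agree on their first two blocks yield ciphertexts that agree on exactly their first two blocks: the third block is enciphered under the same tweak and mask but a different input, so it must differ, and from then on the tweaks diverge. That prefix-preserving behaviour is the online-cipher structure the OSPRP notion is defined against. Note also that the tweak for block i is the whole (i−1)-block prefix, so for the polynomial hash used here the pAXU bound ε grows with the longest message processed, which is the ε that enters the σ²ε bound quoted in the abstract.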
References
Abed, F., Fluhrer, S.R., Forler, C., List, E., Lucks, S., McGrew, D.A., Wenzel, J.: Pipelineable on-line encryption. In: Fast Software Encryption - 21st International Workshop, FSE 2014, London, UK, March 3-5, 2014. Revised Selected Papers, pp 205–223 (2014)
Amanatidis, G., Boldyreva, A., O’Neill, A.: Provably-secure schemes for basic query support in outsourced databases. In: Data and Applications Security XXI, Proceedings of the 21st Annual IFIP WG 11.3 Working Conference on Data and Applications Security - DBSec 2007, pp 14–30 (2007)
Andreeva, E., Barwell, G., Bhaumik, R., Nandi, M., Page, D., Stam, M.: Turning online ciphers off. IACR Transactions on Symmetric Cryptology 2017(2) (2017)
Andreeva, E., Bogdanov, A., Luykx, A., Mennink, B., Tischhauser, E., Yasuda, K.: Parallelizable and authenticated online ciphers. In: Proceedings of the Advances in Cryptology - ASIACRYPT 2013, Part I, pp 424–443 (2013)
Andreeva, E., Luykx, A., Mennink, B., Yasuda, K.: COBRA: a parallelizable authenticated online cipher without block cipher inverse. In: 21st International Workshop on Fast Software Encryption - FSE 2014. Revised Selected Papers, pp 187–204 (2014)
Bellare, M., Boldyreva, A., Knudsen, L.R., Namprempre, C.: On-line ciphers and the Hash-CBC constructions. J. Cryptol. 25(4), 640–679 (2012)
Bellare, M., Kilian, J., Rogaway, P.: The security of the cipher block chaining message authentication code. J. Comput. Syst. Sci. 61(3), 362–399 (2000)
Bellare, M., Rogaway, P.: The security of triple encryption and a framework for code-based game-playing proofs. In: Advances in Cryptology - EUROCRYPT 2006, Proceedings of the 25th Annual International Conference on the Theory and Applications of Cryptographic Techniques, St. Petersburg, Russia, May 28 - June 1, 2006, pp 409–426 (2006)
Bernstein, D.J.: Polynomial evaluation and message authentication. http://cr.yp.to/antiforgery/pema-20071022.pdf (2007). Access date is 27 July 2017
Bhaumik, R., Nandi, M.: OleF: an inverse-free online cipher. An online SPRP with an optimal inverse-free construction. IACR Trans. Symmetric Cryptol. 2016(2), 30–51 (2016)
Black, J., Halevi, S., Krawczyk, H., Krovetz, T., Rogaway, P.: UMAC: fast and secure message authentication. In: Proceedings of the Advances in Cryptology - CRYPTO ’99, pp 216–233 (1999)
Boldyreva, A., Taesombut, N.: Online encryption schemes: new security notions and constructions. In: Topics in Cryptology - CT-RSA 2004, the Cryptographers’ Track at the RSA Conference 2004, San Francisco, CA, USA, February 23–27, 2004, Proceedings, pp 1–14 (2004)
Bossuet, L., Datta, N., Mancillas-López, C., Nandi, M.: ELmD: a pipelineable authenticated encryption and its hardware implementation. IEEE Trans. Comput. 65(11), 3318–3331 (2016)
Carter, L., Wegman, M.N.: Universal classes of hash functions. J. Comput. Syst. Sci. 18(2), 143–154 (1979)
Chakraborty, D., Ghosh, S., Sarkar, P.: A fast single-key two-level universal hash function. IACR Trans. Symmetric Cryptol. 2017(1), 106–128 (2017)
Datta, N., Nandi, M.: ELmE: a misuse resistant parallel authenticated encryption. In: Proceedings of the 19th Australasian Conference on Information Security and Privacy - ACISP 2014, pp 306–321 (2014)
Fleischmann, E., Forler, C., Lucks, S.: McOE: a family of almost foolproof on-line authenticated encryption schemes. In: Fast Software Encryption - 19th International Workshop, FSE 2012. Revised Selected Papers, pp 196–215 (2012)
Forler, C., List, E., Lucks, S., Wenzel, J.: POEx: a beyond-birthday-bound-secure on-line cipher. ArcticCrypt 2016 (2016). https://www.researchgate.net/publication/299565944_POEx_A_Beyond-Birthday-Bound-Secure_On-Line_Cipher. Access date is 27 July 2017
Forler, C., List, E., Lucks, S., Wenzel, J.: POEx: a beyond-birthday-bound-secure on-line cipher. Cryptogr. Commun. (2017). https://doi.org/10.1007/s12095-017-0250-9
Gilbert, E.N., MacWilliams, F.J., Sloane, N.J.A.: Codes which detect deception. Bell Syst. Tech. J. 53, 405–424 (1974)
Halevi, S., Krawczyk, H.: MMH: software message authentication in the Gbit/second rates. In: Proceedings of the 4th International Workshop on Fast Software Encryption, FSE ’97, pp 172–189 (1997)
Hoang, V.T., Reyhanitabar, R., Rogaway, P., Vizár, D.: Online authenticated-encryption and its nonce-reuse misuse-resistance. In: Proceedings of the 35th Annual Cryptology Conference on Advances in Cryptology - CRYPTO 2015, Part I, pp 493–517 (2015)
Krovetz, T.: Message authentication on 64-bit architectures. In: Selected Areas in Cryptography, 13th International Workshop, SAC 2006, Revised Selected Papers, pp 327–341 (2006)
Liskov, M., Rivest, R.L., Wagner, D.A.: Tweakable block ciphers. J. Cryptol. 24(3), 588–613 (2011)
Luby, M., Rackoff, C.: How to construct pseudo-random permutations from pseudo-random functions (abstract). In: Proceedings of the Advances in Cryptology - CRYPTO ’85, p 447 (1985)
Mennink, B.: Insuperability of the standard versus ideal model gap for tweakable blockcipher security. Cryptology ePrint Archive Report 2017/474 (2017). http://eprint.iacr.org/2017/474
Minematsu, K., Iwata, T.: Tweak-length extension for tweakable blockciphers. In: Proceedings of the 15th IMA International Conference on Cryptography and Coding - IMACC 2015, Oxford, UK, December 15–17, 2015, pp 77–93 (2015)
Nandi, M.: A simple security analysis of Hash-CBC and a new efficient one-key online cipher. IACR Cryptology ePrint Archive 2007, 158 (2007)
Nandi, M.: Two new efficient CCA-secure online ciphers: MHCBC and MCBC. In: Progress in Cryptology - INDOCRYPT 2008, Proceedings of the 9th International Conference on Cryptology in India, Kharagpur, India, December 14–17, 2008, pp 350–362 (2008)
Nandi, M.: On the minimum number of multiplications necessary for universal hash functions. In: Fast Software Encryption - 21st International Workshop, FSE 2014. Revised Selected Papers, pp 489–508 (2014)
Rabin, M.O., Winograd, S.: Fast evaluation of polynomials by rational preparation. Commun. Pure Appl. Math. 25(4), 433–458 (1972)
Rogaway, P., Zhang, H.: Online ciphers from tweakable blockciphers. In: Topics in Cryptology - CT-RSA 2011 - the Cryptographers’ Track at the RSA Conference 2011, San Francisco, CA, USA, February 14–18, 2011. Proceedings, pp 237–249 (2011)
Sarkar, P.: A new multi-linear universal hash family. Des. Codes Crypt. 69(3), 351–367 (2013)
Stinson, D.R.: Combinatorial techniques for universal hashing. J. Comput. Syst. Sci. 48(2), 337–346 (1994)
Stinson, D.R.: Universal hashing and authentication codes. Des. Codes Crypt. 4(4), 369–380 (1994)
Wegman, M.N., Carter, L.: New hash functions and their use in authentication and set equality. J. Comput. Syst. Sci. 22(3), 265–279 (1981)
Winograd, S.: A new algorithm for inner product. IEEE Trans. Comput. 17(7), 693–694 (1968)
Additional information
This article is part of the Topical Collection on Special Issue on Statistics in Design and Analysis of Symmetric Ciphers
Cite this article
Jha, A., Nandi, M. On rate-1 and beyond-the-birthday bound secure online ciphers using tweakable block ciphers. Cryptogr. Commun. 10, 731–753 (2018). https://doi.org/10.1007/s12095-017-0275-0