A Long Tweak Goes a Long Way: High Multi-user Security Authenticated Encryption from Tweakable Block Ciphers
Authors
Benoît Cogliati, Jérémy Jean, Thomas Peyrin, Yannick Seurin
Benoît Cogliati
Thales DIS France SAS, France
benoit dot cogliati at gmail dot com
benoit dot cogliati at gmail dot com
Jérémy Jean
ANSSI, France
jeremy dot jean at ssi dot gouv dot fr
jeremy dot jean at ssi dot gouv dot fr
Thomas Peyrin
Nanyang Technological University, Singapore
thomas dot peyrin at ntu dot edu dot sg
thomas dot peyrin at ntu dot edu dot sg
Yannick Seurin
Ledger, France
yannick dot seurin at m4x dot org
yannick dot seurin at m4x dot org
Abstract
We analyze the multi-user (mu) security of a family of nonce-based authentication encryption (nAE) schemes based on a tweakable block cipher (TBC). The starting point of our work is an analysis of the mu security of the SCT-II mode which underlies the nAE scheme Deoxys-II, winner of the CAESAR competition for the defense-in-depth category. We extend this analysis in two directions, as we detail now.
First, we investigate the mu security of several TBC-based variants of the counter encryption mode (including CTRT, the encryption mode used within SCT-II) that differ by the way a nonce, a random value, and a counter are combined as tweak and plaintext inputs to the TBC to produce the keystream blocks that will mask the plaintext blocks. Then, we consider the authentication part of SCT-II and study the mu security of the nonce-based MAC Nonce-as-Tweak (NaT) built from a TBC and an almost universal (AU) hash function. We also observe that the standard construction of an AU hash function from a (T)BC can be proven secure under the assumption that the underlying TBC is unpredictable rather than pseudorandom, allowing much better conjectures on the concrete AU advantage. This allows us to derive the mu security of the family of nAE modes obtained by combining these encryption/MAC building blocks through the NSIV composition method.
Some of these modes require an underlying TBC with a larger tweak length than what is usually available for existing ones. We then show the practicality of our modes by instantiating them with two new TBC constructions, Deoxys-TBC-512 and Deoxys-TBC-640, which can be seen as natural extensions of the Deoxys-TBC family to larger tweak input sizes. Designing such TBCs with unusually large tweaks is prone to pitfalls: Indeed, we show that a large-tweak proposal for SKINNY published at EUROCRYPT 2020 presents an inherent construction flaw. We therefore provide a sound design strategy to construct large-tweak TBCs within the Superposition Tweakey (STK) framework, leading to new Deoxys-TBC and SKINNY variants. We provide software benchmarks indicating that while ensuring a very high security level, the performances of our proposals remain very competitive.
References
[ABPV21]
Elena Andreeva, Amit Singh Bhati, Bart Preneel, and Damian Vizár. 1, 2, 3, Fork: Counter Mode Variants based on a Generalized Forkcipher. IACR Trans. Symm. Cryptol., 2021(3):1–35, 2021. DOI: 10.46586/tosc.v2021.i3.1-35
[ADMA15]
Elena Andreeva, Joan Daemen, Bart Mennink, and Gilles Van Assche. Security of Keyed Sponge Constructions Using a Modular Proof Approach. In Gregor Leander, editor, FSE 2015, volume 9054 of LNCS, pages 364–384. March 2015. Springer, Heidelberg. DOI: 10.1007/978-3-662-48116-5_18
[ALP+19]
Elena Andreeva, Virginie Lallemand, Antoon Purnal, Reza Reyhanitabar, Arnab Roy, and Damian Vizár. Forkcipher: A New Primitive for Authenticated Encryption of Very Short Messages. In Steven D. Galbraith and Shiho Moriai, editors, ASIACRYPT 2019, Part II, volume 11922 of LNCS, pages 153–182. December 2019. Springer, Heidelberg. DOI: 10.1007/978-3-030-34621-8_6
[Ava17]
Roberto Avanzi. The QARMA Block Cipher Family. IACR Trans. Symm. Cryptol., 2017(1):4–44, 2017. DOI: 10.13154/tosc.v2017.i1.4-44
[BBM00]
Mihir Bellare, Alexandra Boldyreva, and Silvio Micali. Public-Key Encryption in a Multi-user Setting: Security Proofs and Improvements. In Bart Preneel, editor, EUROCRYPT 2000, volume 1807 of LNCS, pages 259–274. May 2000. Springer, Heidelberg. DOI: 10.1007/3-540-45539-6_18
[BBT16]
Mihir Bellare, Daniel J. Bernstein, and Stefano Tessaro. Hash-Function Based PRFs: AMAC and Its Multi-User Security. In Marc Fischlin and Jean-Sébastien Coron, editors, EUROCRYPT 2016, Part I, volume 9665 of LNCS, pages 566–595. May 2016. Springer, Heidelberg. DOI: 10.1007/978-3-662-49890-3_22
[BCK96]
Mihir Bellare, Ran Canetti, and Hugo Krawczyk. Pseudorandom Functions Revisited: The Cascade Construction and Its Concrete Security. In 37th FOCS, pages 514–523. October 1996. IEEE Computer Society Press. DOI: 10.1109/SFCS.1996.548510
[Bel06]
Mihir Bellare. New Proofs for NMAC and HMAC: Security without Collision-Resistance. In Cynthia Dwork, editor, CRYPTO 2006, volume 4117 of LNCS, pages 602–619. August 2006. Springer, Heidelberg. DOI: 10.1007/11818175_36
[Ber99]
Daniel J. Bernstein. How to Stretch Random Functions: The Security of Protected Counter Sums. Journal of Cryptology, 12(3):185–192, June 1999. DOI: 10.1007/s001459900051
[BGR95]
Mihir Bellare, Roch Guérin, and Phillip Rogaway. XOR MACs: New Methods for Message Authentication Using Finite Pseudorandom Functions. In Don Coppersmith, editor, CRYPTO'95, volume 963 of LNCS, pages 15–28. August 1995. Springer, Heidelberg. DOI: 10.1007/3-540-44750-4_2
[BHT18]
Priyanka Bose, Viet Tung Hoang, and Stefano Tessaro. Revisiting AES-GCM-SIV: Multi-user Security, Faster Key Derivation, and Better Bounds. In Jesper Buus Nielsen and Vincent Rijmen, editors, EUROCRYPT 2018, Part I, volume 10820 of LNCS, pages 468–499. 2018. Springer, Heidelberg. DOI: 10.1007/978-3-319-78381-9_18
[Bih02]
Eli Biham. How to decrypt or even substitute DES-encrypted messages in 2\({}^{\mbox{28}}\) steps. Inf. Process. Lett., 84(3):117–124, 2002. DOI: 10.1016/S0020-0190(02)00269-7
[BJK+16]
Christof Beierle, Jérémy Jean, Stefan Kölbl, Gregor Leander, Amir Moradi, Thomas Peyrin, Yu Sasaki, Pascal Sasdrich, and Siang Meng Sim. The SKINNY Family of Block Ciphers and Its Low-Latency Variant MANTIS. In Matthew Robshaw and Jonathan Katz, editors, CRYPTO 2016, Part II, volume 9815 of LNCS, pages 123–153. August 2016. Springer, Heidelberg. DOI: 10.1007/978-3-662-53008-5_5
[BL13]
Daniel J. Bernstein and Tanja Lange. Non-uniform Cracks in the Concrete: The Power of Free Precomputation. In Kazue Sako and Palash Sarkar, editors, ASIACRYPT 2013, Part II, volume 8270 of LNCS, pages 321–340. December 2013. Springer, Heidelberg. DOI: 10.1007/978-3-642-42045-0_17
[BLLS22]
Jannis Bossert, Eik List, Stefan Lucks, and Sebastian Schmitz. Pholkos - Efficient Large-State Tweakable Block Ciphers from the AES Round Function. In Steven D. Galbraith, editor, CT-RSA 2022, volume 13161 of LNCS, pages 511–536. March 2022. Springer, Heidelberg. DOI: 10.1007/978-3-030-95312-6_21
[BR02]
John Black and Phillip Rogaway. A Block-Cipher Mode of Operation for Parallelizable Message Authentication. In Lars R. Knudsen, editor, EUROCRYPT 2002, volume 2332 of LNCS, pages 384–397. 2002. Springer, Heidelberg. DOI: 10.1007/3-540-46035-7_25
[BS20]
Dan Boneh and Victor Shoup. A Graduate Course in Applied Cryptography, v0.5. 2020. Available at http://toc.cryptobook.us/book.pdf
[BT16]
Mihir Bellare and Björn Tackmann. The Multi-user Security of Authenticated Encryption: AES-GCM in TLS 1.3. In Matthew Robshaw and Jonathan Katz, editors, CRYPTO 2016, Part I, volume 9814 of LNCS, pages 247–276. August 2016. Springer, Heidelberg. DOI: 10.1007/978-3-662-53018-4_10
[BZD+16]
Hanno Böck, Aaron Zauner, Sean Devlin, Juraj Somorovsky, and Philipp Jovanovic. Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS. In WOOT. 2016. USENIX Association.
[CHP+17]
Carlos Cid, Tao Huang, Thomas Peyrin, Yu Sasaki, and Ling Song. A Security Analysis of Deoxys and its Internal Tweakable Block Ciphers. IACR Trans. Symm. Cryptol., 2017(3):73–107, 2017. DOI: 10.13154/tosc.v2017.i3.73-107
[CLS17]
Benoît Cogliati, Jooyoung Lee, and Yannick Seurin. New Constructions of MACs from (Tweakable) Block Ciphers. IACR Trans. Symm. Cryptol., 2017(2):27–58, 2017. DOI: 10.13154/tosc.v2017.i2.27-58
[Cro01]
Paul Crowley. Mercy: A Fast Large Block Cipher for Disk Sector Encryption. In Bruce Schneier, editor, FSE 2000, volume 1978 of LNCS, pages 49–63. April 2001. Springer, Heidelberg. DOI: 10.1007/3-540-44706-7_4
[CS14]
Shan Chen and John P. Steinberger. Tight Security Bounds for Key-Alternating Ciphers. In Phong Q. Nguyen and Elisabeth Oswald, editors, EUROCRYPT 2014, volume 8441 of LNCS, pages 327–350. May 2014. Springer, Heidelberg. DOI: 10.1007/978-3-642-55220-5_19
[DMA17]
Joan Daemen, Bart Mennink, and Gilles Van Assche. Full-State Keyed Duplex with Built-In Multi-user Support. In Tsuyoshi Takagi and Thomas Peyrin, editors, ASIACRYPT 2017, Part II, volume 10625 of LNCS, pages 606–637. December 2017. Springer, Heidelberg. DOI: 10.1007/978-3-319-70697-9_21
[DQSW22]
Xiaoyang Dong, Lingyue Qin, Siwei Sun, and Xiaoyun Wang. Key Guessing Strategies for Linear Key-Schedule Algorithms in Rectangle Attacks. In Orr Dunkelman and Stefan Dziembowski, editors, EUROCRYPT 2022, Part III, volume 13277 of LNCS, pages 3–33. 2022. Springer, Heidelberg. DOI: 10.1007/978-3-031-07082-2_1
[DS09]
Yevgeniy Dodis and John P. Steinberger. Message Authentication Codes from Unpredictable Block Ciphers. In Shai Halevi, editor, CRYPTO 2009, volume 5677 of LNCS, pages 267–285. August 2009. Springer, Heidelberg. DOI: 10.1007/978-3-642-03356-8_16
[DTT10]
Anindya De, Luca Trevisan, and Madhur Tulsiani. Time Space Tradeoffs for Attacks against One-Way Functions and PRGs. In Tal Rabin, editor, CRYPTO 2010, volume 6223 of LNCS, pages 649–665. August 2010. Springer, Heidelberg. DOI: 10.1007/978-3-642-14623-7_35
[DY15]
Nilanjan Datta and Kan Yasuda. Generalizing PMAC Under Weaker Assumptions. In Ernest Foo and Douglas Stebila, editors, ACISP 15, volume 9144 of LNCS, pages 433–450. 2015. Springer, Heidelberg. DOI: 10.1007/978-3-319-19962-7_25
[Fer02]
Niels Ferguson. Collision attacks on OCB. 2002.
[FJM14]
Pierre-Alain Fouque, Antoine Joux, and Chrysanthi Mavromati. Multi-user Collisions: Applications to Discrete Logarithm, Even-Mansour and PRINCE. In Palash Sarkar and Tetsu Iwata, editors, ASIACRYPT 2014, Part I, volume 8873 of LNCS, pages 420–438. December 2014. Springer, Heidelberg. DOI: 10.1007/978-3-662-45611-8_22
[GLL17]
Shay Gueron, Adam Langley, and Yehuda Lindell. AES-GCM-SIV: Specification and Analysis. https://eprint.iacr.org/2017/168. Cryptology ePrint Archive, Report 2017/168. 2017.
[GW18]
Chun Guo and Lei Wang. Revisiting Key-Alternating Feistel Ciphers for Shorter Keys and Multi-user Security. In Thomas Peyrin and Steven Galbraith, editors, ASIACRYPT 2018, Part I, volume 11272 of LNCS, pages 213–243. December 2018. Springer, Heidelberg. DOI: 10.1007/978-3-030-03326-2_8
[HSE23]
Hosein Hadipour, Sadegh Sadeghi, and Maria Eichlseder. Finding the Impossible: Automated Search for Full Impossible-Differential, Zero-Correlation, and Integral Attacks. In Carmit Hazay and Martijn Stam, editors, EUROCRYPT 2023, Part IV, volume 14007 of LNCS, pages 128–157. April 2023. Springer, Heidelberg. DOI: 10.1007/978-3-031-30634-1_5
[HT16]
Viet Tung Hoang and Stefano Tessaro. Key-Alternating Ciphers and Key-Length Extension: Exact Bounds and Multi-user Security. In Matthew Robshaw and Jonathan Katz, editors, CRYPTO 2016, Part I, volume 9814 of LNCS, pages 3–32. August 2016. Springer, Heidelberg. DOI: 10.1007/978-3-662-53018-4_1
[HT17]
Viet Tung Hoang and Stefano Tessaro. The Multi-user Security of Double Encryption. In Jean-Sébastien Coron and Jesper Buus Nielsen, editors, EUROCRYPT 2017, Part II, volume 10211 of LNCS, pages 381–411. 2017. Springer, Heidelberg. DOI: 10.1007/978-3-319-56614-6_13
[HTT18]
Viet Tung Hoang, Stefano Tessaro, and Aishwarya Thiruvengadam. The Multi-user Security of GCM, Revisited: Tight Bounds for Nonce Randomization. In David Lie, Mohammad Mannan, Michael Backes, and XiaoFeng Wang, editors, ACM CCS 2018, pages 1429–1440. October 2018. ACM Press. DOI: 10.1145/3243734.3243816
[IKMP20]
Tetsu Iwata, Mustafa Khairallah, Kazuhiko Minematsu, and Thomas Peyrin. Duel of the Titans: The Romulus and Remus Families of Lightweight AEAD Algorithms. IACR Trans. Symm. Cryptol., 2020(1):43–120, 2020. DOI: 10.13154/tosc.v2020.i1.43-120
[IMPS17]
Tetsu Iwata, Kazuhiko Minematsu, Thomas Peyrin, and Yannick Seurin. ZMAC: A Fast Tweakable Block Cipher Mode for Highly Secure Message Authentication. In Jonathan Katz and Hovav Shacham, editors, CRYPTO 2017, Part III, volume 10403 of LNCS, pages 34–65. August 2017. Springer, Heidelberg. DOI: 10.1007/978-3-319-63697-9_2
[JNP14]
Jérémy Jean, Ivica Nikolic, and Thomas Peyrin. Tweaks and Keys for Block Ciphers: The TWEAKEY Framework. In Palash Sarkar and Tetsu Iwata, editors, ASIACRYPT 2014, Part II, volume 8874 of LNCS, pages 274–288. December 2014. Springer, Heidelberg. DOI: 10.1007/978-3-662-45608-8_15
[JNPS16]
Jérémy Jean, Ivica Nikolic, Thomas Peyrin, and Yannick Seurin. Deoxys v1.43. Submitted to CAESAR AE competition. 2016.
[JNPS21]
Jérémy Jean, Ivica Nikolic, Thomas Peyrin, and Yannick Seurin. The Deoxys AEAD Family. Journal of Cryptology, 34(3):31, July 2021. DOI: 10.1007/s00145-021-09397-w
[KMY18]
Elif Bilge Kavun, Hristina Mihajloska, and Tolga Yalçin. A Survey on Authenticated Encryption-ASIC Designer's Perspective. ACM Comput. Surv., 50(6):88:1–88:21, 2018. DOI: 10.1145/3131276
[KR11]
Ted Krovetz and Phillip Rogaway. The Software Performance of Authenticated-Encryption Modes. In Antoine Joux, editor, FSE 2011, volume 6733 of LNCS, pages 306–327. February 2011. Springer, Heidelberg. DOI: 10.1007/978-3-642-21702-9_18
[LJ19]
Rongjia Li and Chenhui Jin. Meet-in-the-middle attacks on round-reduced tweakable block cipher Deoxys-BC. IET Inf. Secur., 13(1):70–75, 2019. DOI: 10.1049/iet-ifs.2018.5091
[LMP17]
Atul Luykx, Bart Mennink, and Kenneth G. Paterson. Analyzing Multi-key Security Degradation. In Tsuyoshi Takagi and Thomas Peyrin, editors, ASIACRYPT 2017, Part II, volume 10625 of LNCS, pages 575–605. December 2017. Springer, Heidelberg. DOI: 10.1007/978-3-319-70697-9_20
[LPTY16]
Atul Luykx, Bart Preneel, Elmar Tischhauser, and Kan Yasuda. A MAC Mode for Lightweight Block Ciphers. In Thomas Peyrin, editor, FSE 2016, volume 9783 of LNCS, pages 43–59. March 2016. Springer, Heidelberg. DOI: 10.1007/978-3-662-52993-5_3
[LRW11]
Moses Liskov, Ronald L. Rivest, and David Wagner. Tweakable Block Ciphers. Journal of Cryptology, 24(3):588–613, July 2011. DOI: 10.1007/s00145-010-9073-y
[ML15]
Nicky Mouha and Atul Luykx. Multi-key Security: The Even-Mansour Construction Revisited. In Rosario Gennaro and Matthew J. B. Robshaw, editors, CRYPTO 2015, Part I, volume 9215 of LNCS, pages 209–223. August 2015. Springer, Heidelberg. DOI: 10.1007/978-3-662-47989-6_10
[MMS18]
Farokhlagha Moazami, Alireza Mehrdad, and Hadi Soleimany. Impossible Differential Cryptanalysis on Deoxys-BC-256. ISC Int. J. Inf. Secur., 10(2):93–105, 2018. DOI: 10.22042/isecure.2018.114245.405
[NS19]
Yusuke Naito and Takeshi Sugawara. Lightweight Authenticated Encryption Mode of Operation for Tweakable Block Ciphers. IACR TCHES, 2020(1):66–94, 2019. https://tches.iacr.org/index.php/TCHES/article/view/8393 DOI: 10.13154/tches.v2020.i1.66-94
[NSS20a]
Yusuke Naito, Yu Sasaki, and Takeshi Sugawara. Lightweight Authenticated Encryption Mode Suitable for Threshold Implementation. In Anne Canteaut and Yuval Ishai, editors, EUROCRYPT 2020, Part II, volume 12106 of LNCS, pages 705–735. May 2020. Springer, Heidelberg. DOI: 10.1007/978-3-030-45724-2_24
[NSS20b]
Yusuke Naito, Yu Sasaki, and Takeshi Sugawara. LM-DAE: Low-Memory Deterministic Authenticated Encryption for 128-bit Security. IACR Trans. Symm. Cryptol., 2020(4):1–38, 2020. DOI: 10.46586/tosc.v2020.i4.1-38
[Pat09]
Jacques Patarin. The “Coefficients H” Technique (Invited Talk). In Roberto Maria Avanzi, Liam Keliher, and Francesco Sica, editors, SAC 2008, volume 5381 of LNCS, pages 328–345. August 2009. Springer, Heidelberg. DOI: 10.1007/978-3-642-04159-4_21
[PPS15]
Kenneth G. Paterson, Bertram Poettering, and Jacob C. N. Schuldt. Plaintext Recovery Attacks Against WPA/TKIP. In Carlos Cid and Christian Rechberger, editors, FSE 2014, volume 8540 of LNCS, pages 325–349. March 2015. Springer, Heidelberg. DOI: 10.1007/978-3-662-46706-0_17
[PS16]
Thomas Peyrin and Yannick Seurin. Counter-in-Tweak: Authenticated Encryption Modes for Tweakable Block Ciphers. In Matthew Robshaw and Jonathan Katz, editors, CRYPTO 2016, Part I, volume 9814 of LNCS, pages 33–63. August 2016. Springer, Heidelberg. DOI: 10.1007/978-3-662-53018-4_2
[QDW+22]
Lingyue Qin, Xiaoyang Dong, Anyu Wang, Jialiang Hua, and Xiaoyun Wang. Mind the TWEAKEY Schedule: Cryptanalysis on SKINNYe-64-256. In Shweta Agrawal and Dongdai Lin, editors, ASIACRYPT 2022, Part I, volume 13791 of LNCS, pages 287–317. December 2022. Springer, Heidelberg. DOI: 10.1007/978-3-031-22963-3_10
[RBBK01]
Phillip Rogaway, Mihir Bellare, John Black, and Ted Krovetz. OCB: A Block-Cipher Mode of Operation for Efficient Authenticated Encryption. In Michael K. Reiter and Pierangela Samarati, editors, ACM CCS 2001, pages 196–205. November 2001. ACM Press. DOI: 10.1145/501983.502011
[Rog04]
Phillip Rogaway. Efficient Instantiations of Tweakable Blockciphers and Refinements to Modes OCB and PMAC. In Pil Joong Lee, editor, ASIACRYPT 2004, volume 3329 of LNCS, pages 16–31. December 2004. Springer, Heidelberg. DOI: 10.1007/978-3-540-30539-2_2
[RS06]
Phillip Rogaway and Thomas Shrimpton. A Provable-Security Treatment of the Key-Wrap Problem. In Serge Vaudenay, editor, EUROCRYPT 2006, volume 4004 of LNCS, pages 373–390. 2006. Springer, Heidelberg. DOI: 10.1007/11761679_23
[Sas18]
Yu Sasaki. Improved Related-Tweakey Boomerang Attacks on Deoxys-BC. In Antoine Joux, Abderrahmane Nitaj, and Tajjeeddine Rachidi, editors, AFRICACRYPT 18, volume 10831 of LNCS, pages 87–106. May 2018. Springer, Heidelberg. DOI: 10.1007/978-3-319-89339-6_6
[Sch98]
R. Schroeppel. Hasty Pudding Cipher. http://www.cs.arizona.edu/rcs/hpc. 1998.
[SWGW21]
Yaobin Shen, Lei Wang, Dawu Gu, and Jian Weng. Revisiting the Security of DbHtS MACs: Beyond-Birthday-Bound in the Multi-user Setting. In Tal Malkin and Chris Peikert, editors, CRYPTO 2021, Part III, volume 12827 of LNCS, pages 309–336, Virtual Event. August 2021. Springer, Heidelberg. DOI: 10.1007/978-3-030-84252-9_11
[SYC+24]
Ling Song, Qianqian Yang, Yincen Chen, Lei Hu, and Jian Weng. Probabilistic Extensions: A One-Step Framework for Finding Rectangle Attacks and Beyond. In Marc Joye and Gregor Leander, editors, EUROCRYPT 2024, Part I, volume 14651 of LNCS, pages 339–367. May 2024. Springer, Heidelberg. DOI: 10.1007/978-3-031-58716-0_12
[Tes15]
Stefano Tessaro. Optimally Secure Block Ciphers from Ideal Primitives. In Tetsu Iwata and Jung Hee Cheon, editors, ASIACRYPT 2015, Part II, volume 9453 of LNCS, pages 437–462. 2015. Springer, Heidelberg. DOI: 10.1007/978-3-662-48800-3_18
[VP17]
Mathy Vanhoef and Frank Piessens. Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2. In Bhavani M. Thuraisingham, David Evans, Tal Malkin, and Dongyan Xu, editors, ACM CCS 2017, pages 1313–1328. 2017. ACM Press. DOI: 10.1145/3133956.3134027
[VP18]
Mathy Vanhoef and Frank Piessens. Release the Kraken: New KRACKs in the 802.11 Standard. In David Lie, Mohammad Mannan, Michael Backes, and XiaoFeng Wang, editors, ACM CCS 2018, pages 299–314. October 2018. ACM Press. DOI: 10.1145/3243734.3243807
[WP19]
Haoyang Wang and Thomas Peyrin. Boomerang Switch in Multiple Rounds. IACR Trans. Symm. Cryptol., 2019(1):142–169, 2019. DOI: 10.13154/tosc.v2019.i1.142-169
[ZDJ19]
Boxin Zhao, Xiaoyang Dong, and Keting Jia. New Related-Tweakey Boomerang and Rectangle Attacks on Deoxys-BC Including BDT Effect. IACR Trans. Symm. Cryptol., 2019(3):121–151, 2019. DOI: 10.13154/tosc.v2019.i3.121-151
[ZDJM19]
Boxin Zhao, Xiaoyang Dong, Keting Jia, and Willi Meier. Improved Related-Tweakey Rectangle Attacks on Reduced-Round Deoxys-BC-384 and Deoxys-I-256-128. In Feng Hao, Sushmita Ruj, and Sourav Sen Gupta, editors, INDOCRYPT 2019, volume 11898 of LNCS, pages 139–159. December 2019. Springer, Heidelberg. DOI: 10.1007/978-3-030-35423-7_7
[ZDW19]
Rui Zong, Xiaoyang Dong, and Xiaoyun Wang. Related-tweakey impossible differential attack on reduced-round Deoxys-BC-256. Sci. China Inf. Sci., 62(3):32102:1–32102:12, 2019. DOI: 10.1007/s11432-017-9382-2
PDF
History
Submitted: 2024-04-08
Accepted: 2024-06-03
Published: 2024-07-08
Accepted: 2024-06-03
Published: 2024-07-08
How to cite
Benoît Cogliati, Jérémy Jean, Thomas Peyrin, and Yannick Seurin, A Long Tweak Goes a Long Way: High Multi-user Security Authenticated Encryption from Tweakable Block Ciphers. IACR Communications in Cryptology, vol. 1, no. 2, Jul 08, 2024, doi: 10.62056/a3qjp2fgx.
License
Copyright is held by the author(s)
This work is licensed under a Creative Commons Attribution (CC BY) license.