Communications in Cryptology IACR CiC

A Long Tweak Goes a Long Way: High Multi-user Security Authenticated Encryption from Tweakable Block Ciphers


Benoît Cogliati, Jérémy Jean, Thomas Peyrin, Yannick Seurin
Benoît Cogliati ORCID
Thales DIS France SAS, France
benoit dot cogliati at gmail dot com
Jérémy Jean ORCID
ANSSI, France
jeremy dot jean at ssi dot gouv dot fr
Thomas Peyrin ORCID
Nanyang Technological University, Singapore
thomas dot peyrin at ntu dot edu dot sg
Yannick Seurin ORCID
Ledger, France
yannick dot seurin at m4x dot org


We analyze the multi-user (mu) security of a family of nonce-based authentication encryption (nAE) schemes based on a tweakable block cipher (TBC). The starting point of our work is an analysis of the mu security of the SCT-II mode which underlies the nAE scheme Deoxys-II, winner of the CAESAR competition for the defense-in-depth category. We extend this analysis in two directions, as we detail now.

First, we investigate the mu security of several TBC-based variants of the counter encryption mode (including CTRT, the encryption mode used within SCT-II) that differ by the way a nonce, a random value, and a counter are combined as tweak and plaintext inputs to the TBC to produce the keystream blocks that will mask the plaintext blocks. Then, we consider the authentication part of SCT-II and study the mu security of the nonce-based MAC Nonce-as-Tweak (NaT) built from a TBC and an almost universal (AU) hash function. We also observe that the standard construction of an AU hash function from a (T)BC can be proven secure under the assumption that the underlying TBC is unpredictable rather than pseudorandom, allowing much better conjectures on the concrete AU advantage. This allows us to derive the mu security of the family of nAE modes obtained by combining these encryption/MAC building blocks through the NSIV composition method.

Some of these modes require an underlying TBC with a larger tweak length than what is usually available for existing ones. We then show the practicality of our modes by instantiating them with two new TBC constructions, Deoxys-TBC-512 and Deoxys-TBC-640, which can be seen as natural extensions of the Deoxys-TBC family to larger tweak input sizes. Designing such TBCs with unusually large tweaks is prone to pitfalls: Indeed, we show that a large-tweak proposal for SKINNY published at EUROCRYPT 2020 presents an inherent construction flaw. We therefore provide a sound design strategy to construct large-tweak TBCs within the Superposition Tweakey (STK) framework, leading to new Deoxys-TBC and SKINNY variants. We provide software benchmarks indicating that while ensuring a very high security level, the performances of our proposals remain very competitive.


Elena Andreeva, Amit Singh Bhati, Bart Preneel, and Damian Vizár. 1, 2, 3, Fork: Counter Mode Variants based on a Generalized Forkcipher. IACR Trans. Symm. Cryptol., 2021(3):1–35, 2021. DOI: 10.46586/tosc.v2021.i3.1-35
Elena Andreeva, Joan Daemen, Bart Mennink, and Gilles Van Assche. Security of Keyed Sponge Constructions Using a Modular Proof Approach. In Gregor Leander, editor, FSE 2015, volume 9054 of LNCS, pages 364–384. March 2015. Springer, Heidelberg. DOI: 10.1007/978-3-662-48116-5_18
Elena Andreeva, Virginie Lallemand, Antoon Purnal, Reza Reyhanitabar, Arnab Roy, and Damian Vizár. Forkcipher: A New Primitive for Authenticated Encryption of Very Short Messages. In Steven D. Galbraith and Shiho Moriai, editors, ASIACRYPT 2019, Part II, volume 11922 of LNCS, pages 153–182. December 2019. Springer, Heidelberg. DOI: 10.1007/978-3-030-34621-8_6
Roberto Avanzi. The QARMA Block Cipher Family. IACR Trans. Symm. Cryptol., 2017(1):4–44, 2017. DOI: 10.13154/tosc.v2017.i1.4-44
Mihir Bellare, Alexandra Boldyreva, and Silvio Micali. Public-Key Encryption in a Multi-user Setting: Security Proofs and Improvements. In Bart Preneel, editor, EUROCRYPT 2000, volume 1807 of LNCS, pages 259–274. May 2000. Springer, Heidelberg. DOI: 10.1007/3-540-45539-6_18
Mihir Bellare, Daniel J. Bernstein, and Stefano Tessaro. Hash-Function Based PRFs: AMAC and Its Multi-User Security. In Marc Fischlin and Jean-Sébastien Coron, editors, EUROCRYPT 2016, Part I, volume 9665 of LNCS, pages 566–595. May 2016. Springer, Heidelberg. DOI: 10.1007/978-3-662-49890-3_22
Mihir Bellare, Ran Canetti, and Hugo Krawczyk. Pseudorandom Functions Revisited: The Cascade Construction and Its Concrete Security. In 37th FOCS, pages 514–523. October 1996. IEEE Computer Society Press. DOI: 10.1109/SFCS.1996.548510
Mihir Bellare. New Proofs for NMAC and HMAC: Security without Collision-Resistance. In Cynthia Dwork, editor, CRYPTO 2006, volume 4117 of LNCS, pages 602–619. August 2006. Springer, Heidelberg. DOI: 10.1007/11818175_36
Daniel J. Bernstein. How to Stretch Random Functions: The Security of Protected Counter Sums. Journal of Cryptology, 12(3):185–192, June 1999. DOI: 10.1007/s001459900051
Mihir Bellare, Roch Guérin, and Phillip Rogaway. XOR MACs: New Methods for Message Authentication Using Finite Pseudorandom Functions. In Don Coppersmith, editor, CRYPTO'95, volume 963 of LNCS, pages 15–28. August 1995. Springer, Heidelberg. DOI: 10.1007/3-540-44750-4_2
Priyanka Bose, Viet Tung Hoang, and Stefano Tessaro. Revisiting AES-GCM-SIV: Multi-user Security, Faster Key Derivation, and Better Bounds. In Jesper Buus Nielsen and Vincent Rijmen, editors, EUROCRYPT 2018, Part I, volume 10820 of LNCS, pages 468–499. 2018. Springer, Heidelberg. DOI: 10.1007/978-3-319-78381-9_18
Eli Biham. How to decrypt or even substitute DES-encrypted messages in 2\({}^{\mbox{28}}\) steps. Inf. Process. Lett., 84(3):117–124, 2002. DOI: 10.1016/S0020-0190(02)00269-7
Christof Beierle, Jérémy Jean, Stefan Kölbl, Gregor Leander, Amir Moradi, Thomas Peyrin, Yu Sasaki, Pascal Sasdrich, and Siang Meng Sim. The SKINNY Family of Block Ciphers and Its Low-Latency Variant MANTIS. In Matthew Robshaw and Jonathan Katz, editors, CRYPTO 2016, Part II, volume 9815 of LNCS, pages 123–153. August 2016. Springer, Heidelberg. DOI: 10.1007/978-3-662-53008-5_5
Daniel J. Bernstein and Tanja Lange. Non-uniform Cracks in the Concrete: The Power of Free Precomputation. In Kazue Sako and Palash Sarkar, editors, ASIACRYPT 2013, Part II, volume 8270 of LNCS, pages 321–340. December 2013. Springer, Heidelberg. DOI: 10.1007/978-3-642-42045-0_17
Jannis Bossert, Eik List, Stefan Lucks, and Sebastian Schmitz. Pholkos - Efficient Large-State Tweakable Block Ciphers from the AES Round Function. In Steven D. Galbraith, editor, CT-RSA 2022, volume 13161 of LNCS, pages 511–536. March 2022. Springer, Heidelberg. DOI: 10.1007/978-3-030-95312-6_21
John Black and Phillip Rogaway. A Block-Cipher Mode of Operation for Parallelizable Message Authentication. In Lars R. Knudsen, editor, EUROCRYPT 2002, volume 2332 of LNCS, pages 384–397. 2002. Springer, Heidelberg. DOI: 10.1007/3-540-46035-7_25
Dan Boneh and Victor Shoup. A Graduate Course in Applied Cryptography, v0.5. 2020. Available at
Mihir Bellare and Björn Tackmann. The Multi-user Security of Authenticated Encryption: AES-GCM in TLS 1.3. In Matthew Robshaw and Jonathan Katz, editors, CRYPTO 2016, Part I, volume 9814 of LNCS, pages 247–276. August 2016. Springer, Heidelberg. DOI: 10.1007/978-3-662-53018-4_10
Hanno Böck, Aaron Zauner, Sean Devlin, Juraj Somorovsky, and Philipp Jovanovic. Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS. In WOOT. 2016. USENIX Association.
Carlos Cid, Tao Huang, Thomas Peyrin, Yu Sasaki, and Ling Song. A Security Analysis of Deoxys and its Internal Tweakable Block Ciphers. IACR Trans. Symm. Cryptol., 2017(3):73–107, 2017. DOI: 10.13154/tosc.v2017.i3.73-107
Benoît Cogliati, Jooyoung Lee, and Yannick Seurin. New Constructions of MACs from (Tweakable) Block Ciphers. IACR Trans. Symm. Cryptol., 2017(2):27–58, 2017. DOI: 10.13154/tosc.v2017.i2.27-58
Paul Crowley. Mercy: A Fast Large Block Cipher for Disk Sector Encryption. In Bruce Schneier, editor, FSE 2000, volume 1978 of LNCS, pages 49–63. April 2001. Springer, Heidelberg. DOI: 10.1007/3-540-44706-7_4
Shan Chen and John P. Steinberger. Tight Security Bounds for Key-Alternating Ciphers. In Phong Q. Nguyen and Elisabeth Oswald, editors, EUROCRYPT 2014, volume 8441 of LNCS, pages 327–350. May 2014. Springer, Heidelberg. DOI: 10.1007/978-3-642-55220-5_19
Joan Daemen, Bart Mennink, and Gilles Van Assche. Full-State Keyed Duplex with Built-In Multi-user Support. In Tsuyoshi Takagi and Thomas Peyrin, editors, ASIACRYPT 2017, Part II, volume 10625 of LNCS, pages 606–637. December 2017. Springer, Heidelberg. DOI: 10.1007/978-3-319-70697-9_21
Xiaoyang Dong, Lingyue Qin, Siwei Sun, and Xiaoyun Wang. Key Guessing Strategies for Linear Key-Schedule Algorithms in Rectangle Attacks. In Orr Dunkelman and Stefan Dziembowski, editors, EUROCRYPT 2022, Part III, volume 13277 of LNCS, pages 3–33. 2022. Springer, Heidelberg. DOI: 10.1007/978-3-031-07082-2_1
Yevgeniy Dodis and John P. Steinberger. Message Authentication Codes from Unpredictable Block Ciphers. In Shai Halevi, editor, CRYPTO 2009, volume 5677 of LNCS, pages 267–285. August 2009. Springer, Heidelberg. DOI: 10.1007/978-3-642-03356-8_16
Anindya De, Luca Trevisan, and Madhur Tulsiani. Time Space Tradeoffs for Attacks against One-Way Functions and PRGs. In Tal Rabin, editor, CRYPTO 2010, volume 6223 of LNCS, pages 649–665. August 2010. Springer, Heidelberg. DOI: 10.1007/978-3-642-14623-7_35
Nilanjan Datta and Kan Yasuda. Generalizing PMAC Under Weaker Assumptions. In Ernest Foo and Douglas Stebila, editors, ACISP 15, volume 9144 of LNCS, pages 433–450. 2015. Springer, Heidelberg. DOI: 10.1007/978-3-319-19962-7_25
Niels Ferguson. Collision attacks on OCB. 2002.
Pierre-Alain Fouque, Antoine Joux, and Chrysanthi Mavromati. Multi-user Collisions: Applications to Discrete Logarithm, Even-Mansour and PRINCE. In Palash Sarkar and Tetsu Iwata, editors, ASIACRYPT 2014, Part I, volume 8873 of LNCS, pages 420–438. December 2014. Springer, Heidelberg. DOI: 10.1007/978-3-662-45611-8_22
Shay Gueron, Adam Langley, and Yehuda Lindell. AES-GCM-SIV: Specification and Analysis. Cryptology ePrint Archive, Report 2017/168. 2017.
Chun Guo and Lei Wang. Revisiting Key-Alternating Feistel Ciphers for Shorter Keys and Multi-user Security. In Thomas Peyrin and Steven Galbraith, editors, ASIACRYPT 2018, Part I, volume 11272 of LNCS, pages 213–243. December 2018. Springer, Heidelberg. DOI: 10.1007/978-3-030-03326-2_8
Hosein Hadipour, Sadegh Sadeghi, and Maria Eichlseder. Finding the Impossible: Automated Search for Full Impossible-Differential, Zero-Correlation, and Integral Attacks. In Carmit Hazay and Martijn Stam, editors, EUROCRYPT 2023, Part IV, volume 14007 of LNCS, pages 128–157. April 2023. Springer, Heidelberg. DOI: 10.1007/978-3-031-30634-1_5
Viet Tung Hoang and Stefano Tessaro. Key-Alternating Ciphers and Key-Length Extension: Exact Bounds and Multi-user Security. In Matthew Robshaw and Jonathan Katz, editors, CRYPTO 2016, Part I, volume 9814 of LNCS, pages 3–32. August 2016. Springer, Heidelberg. DOI: 10.1007/978-3-662-53018-4_1
Viet Tung Hoang and Stefano Tessaro. The Multi-user Security of Double Encryption. In Jean-Sébastien Coron and Jesper Buus Nielsen, editors, EUROCRYPT 2017, Part II, volume 10211 of LNCS, pages 381–411. 2017. Springer, Heidelberg. DOI: 10.1007/978-3-319-56614-6_13
Viet Tung Hoang, Stefano Tessaro, and Aishwarya Thiruvengadam. The Multi-user Security of GCM, Revisited: Tight Bounds for Nonce Randomization. In David Lie, Mohammad Mannan, Michael Backes, and XiaoFeng Wang, editors, ACM CCS 2018, pages 1429–1440. October 2018. ACM Press. DOI: 10.1145/3243734.3243816
Tetsu Iwata, Mustafa Khairallah, Kazuhiko Minematsu, and Thomas Peyrin. Duel of the Titans: The Romulus and Remus Families of Lightweight AEAD Algorithms. IACR Trans. Symm. Cryptol., 2020(1):43–120, 2020. DOI: 10.13154/tosc.v2020.i1.43-120
Tetsu Iwata, Kazuhiko Minematsu, Thomas Peyrin, and Yannick Seurin. ZMAC: A Fast Tweakable Block Cipher Mode for Highly Secure Message Authentication. In Jonathan Katz and Hovav Shacham, editors, CRYPTO 2017, Part III, volume 10403 of LNCS, pages 34–65. August 2017. Springer, Heidelberg. DOI: 10.1007/978-3-319-63697-9_2
Jérémy Jean, Ivica Nikolic, and Thomas Peyrin. Tweaks and Keys for Block Ciphers: The TWEAKEY Framework. In Palash Sarkar and Tetsu Iwata, editors, ASIACRYPT 2014, Part II, volume 8874 of LNCS, pages 274–288. December 2014. Springer, Heidelberg. DOI: 10.1007/978-3-662-45608-8_15
Jérémy Jean, Ivica Nikolic, Thomas Peyrin, and Yannick Seurin. Deoxys v1.43. Submitted to CAESAR AE competition. 2016.
Jérémy Jean, Ivica Nikolic, Thomas Peyrin, and Yannick Seurin. The Deoxys AEAD Family. Journal of Cryptology, 34(3):31, July 2021. DOI: 10.1007/s00145-021-09397-w
Elif Bilge Kavun, Hristina Mihajloska, and Tolga Yalçin. A Survey on Authenticated Encryption-ASIC Designer's Perspective. ACM Comput. Surv., 50(6):88:1–88:21, 2018. DOI: 10.1145/3131276
Ted Krovetz and Phillip Rogaway. The Software Performance of Authenticated-Encryption Modes. In Antoine Joux, editor, FSE 2011, volume 6733 of LNCS, pages 306–327. February 2011. Springer, Heidelberg. DOI: 10.1007/978-3-642-21702-9_18
Rongjia Li and Chenhui Jin. Meet-in-the-middle attacks on round-reduced tweakable block cipher Deoxys-BC. IET Inf. Secur., 13(1):70–75, 2019. DOI: 10.1049/iet-ifs.2018.5091
Atul Luykx, Bart Mennink, and Kenneth G. Paterson. Analyzing Multi-key Security Degradation. In Tsuyoshi Takagi and Thomas Peyrin, editors, ASIACRYPT 2017, Part II, volume 10625 of LNCS, pages 575–605. December 2017. Springer, Heidelberg. DOI: 10.1007/978-3-319-70697-9_20
Atul Luykx, Bart Preneel, Elmar Tischhauser, and Kan Yasuda. A MAC Mode for Lightweight Block Ciphers. In Thomas Peyrin, editor, FSE 2016, volume 9783 of LNCS, pages 43–59. March 2016. Springer, Heidelberg. DOI: 10.1007/978-3-662-52993-5_3
Moses Liskov, Ronald L. Rivest, and David Wagner. Tweakable Block Ciphers. Journal of Cryptology, 24(3):588–613, July 2011. DOI: 10.1007/s00145-010-9073-y
Nicky Mouha and Atul Luykx. Multi-key Security: The Even-Mansour Construction Revisited. In Rosario Gennaro and Matthew J. B. Robshaw, editors, CRYPTO 2015, Part I, volume 9215 of LNCS, pages 209–223. August 2015. Springer, Heidelberg. DOI: 10.1007/978-3-662-47989-6_10
Farokhlagha Moazami, Alireza Mehrdad, and Hadi Soleimany. Impossible Differential Cryptanalysis on Deoxys-BC-256. ISC Int. J. Inf. Secur., 10(2):93–105, 2018. DOI: 10.22042/isecure.2018.114245.405
Yusuke Naito and Takeshi Sugawara. Lightweight Authenticated Encryption Mode of Operation for Tweakable Block Ciphers. IACR TCHES, 2020(1):66–94, 2019. DOI: 10.13154/tches.v2020.i1.66-94
Yusuke Naito, Yu Sasaki, and Takeshi Sugawara. Lightweight Authenticated Encryption Mode Suitable for Threshold Implementation. In Anne Canteaut and Yuval Ishai, editors, EUROCRYPT 2020, Part II, volume 12106 of LNCS, pages 705–735. May 2020. Springer, Heidelberg. DOI: 10.1007/978-3-030-45724-2_24
Yusuke Naito, Yu Sasaki, and Takeshi Sugawara. LM-DAE: Low-Memory Deterministic Authenticated Encryption for 128-bit Security. IACR Trans. Symm. Cryptol., 2020(4):1–38, 2020. DOI: 10.46586/tosc.v2020.i4.1-38
Jacques Patarin. The “Coefficients H” Technique (Invited Talk). In Roberto Maria Avanzi, Liam Keliher, and Francesco Sica, editors, SAC 2008, volume 5381 of LNCS, pages 328–345. August 2009. Springer, Heidelberg. DOI: 10.1007/978-3-642-04159-4_21
Kenneth G. Paterson, Bertram Poettering, and Jacob C. N. Schuldt. Plaintext Recovery Attacks Against WPA/TKIP. In Carlos Cid and Christian Rechberger, editors, FSE 2014, volume 8540 of LNCS, pages 325–349. March 2015. Springer, Heidelberg. DOI: 10.1007/978-3-662-46706-0_17
Thomas Peyrin and Yannick Seurin. Counter-in-Tweak: Authenticated Encryption Modes for Tweakable Block Ciphers. In Matthew Robshaw and Jonathan Katz, editors, CRYPTO 2016, Part I, volume 9814 of LNCS, pages 33–63. August 2016. Springer, Heidelberg. DOI: 10.1007/978-3-662-53018-4_2
Lingyue Qin, Xiaoyang Dong, Anyu Wang, Jialiang Hua, and Xiaoyun Wang. Mind the TWEAKEY Schedule: Cryptanalysis on SKINNYe-64-256. In Shweta Agrawal and Dongdai Lin, editors, ASIACRYPT 2022, Part I, volume 13791 of LNCS, pages 287–317. December 2022. Springer, Heidelberg. DOI: 10.1007/978-3-031-22963-3_10
Phillip Rogaway, Mihir Bellare, John Black, and Ted Krovetz. OCB: A Block-Cipher Mode of Operation for Efficient Authenticated Encryption. In Michael K. Reiter and Pierangela Samarati, editors, ACM CCS 2001, pages 196–205. November 2001. ACM Press. DOI: 10.1145/501983.502011
Phillip Rogaway. Efficient Instantiations of Tweakable Blockciphers and Refinements to Modes OCB and PMAC. In Pil Joong Lee, editor, ASIACRYPT 2004, volume 3329 of LNCS, pages 16–31. December 2004. Springer, Heidelberg. DOI: 10.1007/978-3-540-30539-2_2
Phillip Rogaway and Thomas Shrimpton. A Provable-Security Treatment of the Key-Wrap Problem. In Serge Vaudenay, editor, EUROCRYPT 2006, volume 4004 of LNCS, pages 373–390. 2006. Springer, Heidelberg. DOI: 10.1007/11761679_23
Yu Sasaki. Improved Related-Tweakey Boomerang Attacks on Deoxys-BC. In Antoine Joux, Abderrahmane Nitaj, and Tajjeeddine Rachidi, editors, AFRICACRYPT 18, volume 10831 of LNCS, pages 87–106. May 2018. Springer, Heidelberg. DOI: 10.1007/978-3-319-89339-6_6
R. Schroeppel. Hasty Pudding Cipher. 1998.
Yaobin Shen, Lei Wang, Dawu Gu, and Jian Weng. Revisiting the Security of DbHtS MACs: Beyond-Birthday-Bound in the Multi-user Setting. In Tal Malkin and Chris Peikert, editors, CRYPTO 2021, Part III, volume 12827 of LNCS, pages 309–336, Virtual Event. August 2021. Springer, Heidelberg. DOI: 10.1007/978-3-030-84252-9_11
Ling Song, Qianqian Yang, Yincen Chen, Lei Hu, and Jian Weng. Probabilistic Extensions: A One-Step Framework for Finding Rectangle Attacks and Beyond. In Marc Joye and Gregor Leander, editors, EUROCRYPT 2024, Part I, volume 14651 of LNCS, pages 339–367. May 2024. Springer, Heidelberg. DOI: 10.1007/978-3-031-58716-0_12
Stefano Tessaro. Optimally Secure Block Ciphers from Ideal Primitives. In Tetsu Iwata and Jung Hee Cheon, editors, ASIACRYPT 2015, Part II, volume 9453 of LNCS, pages 437–462. 2015. Springer, Heidelberg. DOI: 10.1007/978-3-662-48800-3_18
Mathy Vanhoef and Frank Piessens. Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2. In Bhavani M. Thuraisingham, David Evans, Tal Malkin, and Dongyan Xu, editors, ACM CCS 2017, pages 1313–1328. 2017. ACM Press. DOI: 10.1145/3133956.3134027
Mathy Vanhoef and Frank Piessens. Release the Kraken: New KRACKs in the 802.11 Standard. In David Lie, Mohammad Mannan, Michael Backes, and XiaoFeng Wang, editors, ACM CCS 2018, pages 299–314. October 2018. ACM Press. DOI: 10.1145/3243734.3243807
Haoyang Wang and Thomas Peyrin. Boomerang Switch in Multiple Rounds. IACR Trans. Symm. Cryptol., 2019(1):142–169, 2019. DOI: 10.13154/tosc.v2019.i1.142-169
Boxin Zhao, Xiaoyang Dong, and Keting Jia. New Related-Tweakey Boomerang and Rectangle Attacks on Deoxys-BC Including BDT Effect. IACR Trans. Symm. Cryptol., 2019(3):121–151, 2019. DOI: 10.13154/tosc.v2019.i3.121-151
Boxin Zhao, Xiaoyang Dong, Keting Jia, and Willi Meier. Improved Related-Tweakey Rectangle Attacks on Reduced-Round Deoxys-BC-384 and Deoxys-I-256-128. In Feng Hao, Sushmita Ruj, and Sourav Sen Gupta, editors, INDOCRYPT 2019, volume 11898 of LNCS, pages 139–159. December 2019. Springer, Heidelberg. DOI: 10.1007/978-3-030-35423-7_7
Rui Zong, Xiaoyang Dong, and Xiaoyun Wang. Related-tweakey impossible differential attack on reduced-round Deoxys-BC-256. Sci. China Inf. Sci., 62(3):32102:1–32102:12, 2019. DOI: 10.1007/s11432-017-9382-2

PDFPDF Open access

Submitted: 2024-04-08
Accepted: 2024-06-03
Published: 2024-07-08
How to cite

Benoît Cogliati, Jérémy Jean, Thomas Peyrin, and Yannick Seurin, "A Long Tweak Goes a Long Way: High Multi-user Security Authenticated Encryption from Tweakable Block Ciphers," IACR Communications in Cryptology, vol. 1, no. 2, Jul 08, 2024, doi: 10.62056/a3qjp2fgx.


Copyright is held by the author(s)

This work is licensed under a Creative Commons Attribution (CC BY) license.