Online Ciphers from Tweakable Blockciphers
[chapter]
2011
Lecture Notes in Computer Science
We simplify and generalize their work, showing that online ciphers are rather trivially constructed from tweakable blockciphers, a notion of Liskov, Rivest, and Wagner. ...
We go on to show how to define and achieve online ciphers for settings in which messages need not be a multiple of n bits. ...
Acknowledgments Many thanks for the perceptive comments from the anonymous referees. Our apologies that we have not expanded on points where this ought be done. ...
doi:10.1007/978-3-642-19074-2_16
fatcat:lkfig6uaijcrvhjeeckv7j6efm
Turning Online Ciphers Off
2017
IACR Transactions on Symmetric Cryptology
As part of our investigation, we extend an observation by Rogaway and Zhang by further highlighting the close relationship between online ciphers and tweakable blockciphers with variable-length tweaks. ...
CAESAR has caused a heated discussion regarding the merits of one-pass encryption and online ciphers. ...
So, if an online cipher is distinguishable from the ideal online cipher, by applying f we see that the corresponding tweakable blockcipher is distinguishable from the ideal tweakable blockcipher, and vice ...
doi:10.13154/tosc.v2017.i2.105-142
dblp:journals/tosc/0001BBNPS17
fatcat:qvo5q632mjggjoqecwo23z2c74
Optimally Secure Tweakable Blockciphers
[chapter]
2015
Lecture Notes in Computer Science
We consider the generic design of a tweakable blockcipher from one or more evaluations of a classical blockcipher, in such a way that all input and output wires are of size n bits. ...
As a first contribution, we show that any tweakable blockcipher with one primitive call and arbitrary linear pre- and postprocessing functions can be distinguished from an ideal one with an attack complexity ...
schemes and message authentication codes [2, 27, 41, 42], and online ciphers [2, 44]. ...
doi:10.1007/978-3-662-48116-5_21
fatcat:ymtp7hvwwncbrgp5dwebmaaga4
Turning Online Ciphers Off
2017
IACR Transactions on Symmetric Cryptology
As part of our investigation, we extend an observation by Rogaway and Zhang by further highlighting the close relationship between online ciphers and tweakable blockciphers with variable-length tweaks. ...
CAESAR has caused a heated discussion regarding the merits of one-pass encryption and online ciphers. ...
So, if an online cipher is distinguishable from the ideal online cipher, by applying f we see that the corresponding tweakable blockcipher is distinguishable from the ideal tweakable blockcipher, and vice ...
doi:10.46586/tosc.v2017.i2.105-142
fatcat:7722bkvrjbflrkdf6z4kwwfd6i
Length-Doubling Ciphers and Tweakable Ciphers
[chapter]
2012
Lecture Notes in Computer Science
., THEM) that turns a n-bit blockcipher into a variable-input-length cipher (resp., tweakable cipher) that acts on strings of [n..2n − 1] bits. ...
We prove them secure in the sense of strong PRP and tweakable strong PRP, assuming the underlying blockcipher is a strong PRP. ...
In particular, Rogaway and Zhang show how to turn such a VIL length-doubling tweakable cipher into an arbitrary-length-input online cipher [24]. ...
doi:10.1007/978-3-642-31284-7_7
fatcat:26yuridgynh5rchyaprysfcyu4
Tweakable Blockciphers for Efficient Authenticated Encryptions with Beyond the Birthday-Bound Security
2017
IACR Transactions on Symmetric Cryptology
Modular design via a tweakable blockcipher (TBC) offers efficient authenticated encryption (AE) schemes (with associated data) that call a blockcipher once for each data block (of associated data or a ...
Existing blockcipher-based AE schemes with beyond-birthday-bound (BBB) security are not efficient, that is, a blockcipher is called twice or more for each data block. ...
. • Difference 1: The difference comes from the (in)dependence between online and offline queries. In World1, responses of online and offline queries are defined by using an ideal cipher. ...
doi:10.46586/tosc.v2017.i2.1-26
fatcat:7hacsjdldne5lmzuj5ljrbqrgi
Tweakable Blockciphers for Efficient Authenticated Encryptions with Beyond the Birthday-Bound Security
2017
IACR Transactions on Symmetric Cryptology
Modular design via a tweakable blockcipher (TBC) offers efficient authenticated encryption (AE) schemes (with associated data) that call a blockcipher once for each data block (of associated data or a ...
almost xor universal hash function, and the hash value is xor-ed with the input and output blocks of a blockcipher with the nonce-dependent key (from Liskov et al.). ...
. • Difference 1: The difference comes from the (in)dependence between online and offline queries. In World1, responses of online and offline queries are defined by using an ideal cipher. ...
doi:10.13154/tosc.v2017.i2.1-26
dblp:journals/tosc/000117
fatcat:kiiogdydxjd5hp75ubnfxk3fja
Modes of Operation Suitable for Computing on Encrypted Data
2017
IACR Transactions on Symmetric Cryptology
In order to use these modes one needs to convert them from their original instantiation of being defined on binary blocks of data, to working on elements in a large prime finite field. ...
In analogy with tweakable blockciphers, we shall also consider PRFs. A tweakable PRF (tPRF) takes as additional input a tweak T chosen from a set of tweaks T, thus F : K × T × X → Y. ...
Although OTR strictly speaking is a blockcipher mode of operation, Minematsu already presents OTR as a tweakable blockcipher mode of operation instantiated with a specific tweakable blockcipher. ...
doi:10.13154/tosc.v2017.i3.294-324
dblp:journals/tosc/RotaruSS17
fatcat:shef7sk2pba57kb5dy5nugrlia
Modes of Operation Suitable for Computing on Encrypted Data
2017
IACR Transactions on Symmetric Cryptology
In order to use these modes one needs to convert them from their original instantiation of being defined on binary blocks of data, to working on elements in a large prime finite field. ...
In analogy with tweakable blockciphers, we shall also consider PRFs. A tweakable PRF (tPRF) takes as additional input a tweak T chosen from a set of tweaks T, thus F : K × T × X → Y. ...
Although OTR strictly speaking is a blockcipher mode of operation, Minematsu already presents OTR as a tweakable blockcipher mode of operation instantiated with a specific tweakable blockcipher. ...
doi:10.46586/tosc.v2017.i3.294-324
fatcat:ums2prp45jhkpnulf2grrbfmwq
Multi-user security of the tweakable Even-Mansour cipher
2020
Science China Information Sciences
A tweakable blockcipher (TBC) is an improved version of a conventional block cipher, which adds an extra input, called tweak, on the basis of a key and a plaintext. ...
The tweakable Even-Mansour (TEM) cipher first presented by Cogliati et al. [1] is a permutation-based TBC, which is constructed from an r-tuple of n-bit permutations and a uniform almost-XOR-universal ( ...
The supporting information is available online at info.scichina.com and link.springer.com. The supporting materials are published as submitted, without typesetting or editing. ...
doi:10.1007/s11432-018-9757-4
fatcat:pmq25xxravf65ddhzosuedm5qy
The State of the Authenticated Encryption
2016
Tatra Mountains Mathematical Publications
Online, inverse-free. Nonce-based AE security. Provably secure. Joltik [45] Tweakable blockcipher-based, proposes two modes (derive from TAE and CTR). Both fully parallelizable, online. ...
Deoxys [44] Tweakable blockcipher-based, proposes two modes (derive from TAE [50] and CTR). Both fully parallelizable, online. Nonce-based AE security, MRAE. Provably secure. ...
doi:10.1515/tmmp-2016-0038
fatcat:vnvjfj73yvff7ovjqagtwdpena
Symmetric Cryptography (Dagstuhl Seminar 16021)
2016
Dagstuhl Reports
From January 10-15, 2016, the seminar 16021 in Symmetric Cryptography was held in Schloss Dagstuhl - Leibniz Center for Informatics. ...
This proposal mainly consists in separately evaluating primitives (block ciphers, tweakable block ciphers, permutations, . . . ) from modes (sponge, OCB, . . . ). ...
If the masking satisfies a set of simple conditions, then MEM is a secure tweakable blockcipher up to the birthday bound. ...
doi:10.4230/dagrep.6.1.34
dblp:journals/dagstuhl-reports/ArmknechtINP16
fatcat:3p4woms76ncrdm5hkd2iempk74
Salvaging Weak Security Bounds for Blockcipher-Based Constructions
[chapter]
2016
Lecture Notes in Computer Science
The ICM-KOA provides a conceptual bridge between ideal ciphers and tweakable blockciphers (TBC): blockcipher-based constructions secure in the ICM-KOA have TBC-based analogs that are secure under standard-model ...
Unlike the ICM, results in the ICM-KOA are less brittle to current and future cryptanalytic results on the blockcipher used to instantiate the ideal cipher. ...
Finally, the ICM-KOA provides a conceptual bridge between ideal ciphers and tweakable blockciphers (TBC). ...
doi:10.1007/978-3-662-53887-6_16
fatcat:6hzbulnrfjaflmjj32spfgxozu
Improved Masking for Tweakable Blockciphers with Applications to Authenticated Encryption
[chapter]
2016
Lecture Notes in Computer Science
The same masking techniques can also be used for permutation-based tweakable blockciphers. ...
Characteristic for the majority of blockcipher-based AE schemes is that they rely on a tweakable blockcipher where changes in the tweak can be realized efficiently. ...
Masked Even-Mansour (MEM) Tweakable Cipher As a first contribution, we revisit the state of the art in masking with the introduction of the "Masked Even-Mansour" tweakable blockcipher in Section 3. ...
doi:10.1007/978-3-662-49890-3_11
fatcat:7hajg3rx7zcfblb4hkyayncs6y
Tweaking a block cipher: multi-user beyond-birthday-bound security in the standard model
2018
Designs, Codes and Cryptography
In this paper, we present a generic construction to create a secure tweakable block cipher from a secure block cipher. ...
Our construction is very natural, requiring four calls to the underlying block cipher for each call of the tweakable block cipher. ...
We would also like to thank the reviewers from Designs, Codes and Cryptography for their helpful comments. ...
doi:10.1007/s10623-018-0471-8
fatcat:fx5mklk75bcopbpdsbgasho4n4