A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017; you can also visit the original URL.
The file type is application/pdf
.
Insuperability of the Standard Versus Ideal Model Gap for Tweakable Blockcipher Security
[chapter]
2017
Lecture Notes in Computer Science
Two types of tweakable blockciphers based on classical blockciphers have been presented over the last years: non-tweak-rekeyable and tweak-rekeyable, depending on whether the tweak may influence the key input to the underlying blockcipher. In the former direction, the best possible security is conjectured to be 2 σn/(σ+1) , where n is the size of the blockcipher and σ is the number of blockcipher calls. In the latter direction, Mennink and Wang et al. presented optimally secure schemes, but
doi:10.1007/978-3-319-63715-0_24
fatcat:syjt6k5fcnfypiakty6ovcpvga