2016
DOI: 10.1007/978-3-662-49890-3_11

Improved Masking for Tweakable Blockciphers with Applications to Authenticated Encryption

Abstract: A popular approach to tweakable blockcipher design is via masking, where a certain primitive (a blockcipher or a permutation) is preceded and followed by an easy-to-compute tweak-dependent mask. In this work, we revisit the principle of masking. We do so alongside the introduction of the tweakable Even-Mansour construction MEM. Its masking function combines the advantages of word-oriented LFSR and powering-up-based methods. We show in particular how recent advancements in computing discrete logarithms …

citations
Cited by 66 publications
(72 citation statements)
references
References 61 publications
“…These constructions only achieve birthday bound security. A novel approach is to build tweakable blockciphers from public permutations, as is done by Sasaki et al [52], Cogliati et al [17,18], Granger et al [27], and Mennink [40]. This approach achieves comparable levels of security to the nontweak-rekeyable schemes of above, but the security analysis is inherently done in the ideal permutation model.…”
Section: Other Ways Of Tweakable Blockcipher Design (mentioning)
confidence: 99%
“…Further constructions related to TEM[r], and to which our findings can be applied as well, are XPX [59], MEM [37], and a variant of TEM [4] with linear mixing [20].…”
Section: Note That Tem[r] Is In Fact the Em[r] Construction Where T (mentioning)
confidence: 99%
“…, P r . This step costs at most r · Adv Further constructions related to LRW [1] include the XEX construction [71] and its generalizations [18,37,62], tweakable Feistel schemes [36,60], and tweakable blockciphers with tweak-dependent rekeying [58,61,63].…”
Section: Iterated Lrw (mentioning)
confidence: 99%
“…The most important difference between [31,60] and our work is that we explicitly target nonce-based designs, and this allows for beyond 2^{c/2} security. The work has, to certain extent, furthermore triggered the use of permutations for nonce-reuse secure authenticated encryption schemes [29,44,59] beyond APE.…”
Section: Publication History and Subsequent Work (mentioning)
confidence: 99%