2017
DOI: 10.46586/tosc.v2017.i2.1-26

Tweakable Blockciphers for Efficient Authenticated Encryptions with Beyond the Birthday-Bound Security

Abstract: Modular design via a tweakable blockcipher (TBC) offers efficient authenticated encryption (AE) schemes (with associated data) that call a blockcipher once for each data block (of associated data or a plaintext). However, the existing efficient blockcipher-based TBCs are secure up to the birthday bound, where the underlying keyed blockcipher is a secure strong pseudorandom permutation. Existing blockcipher-based AE schemes with beyond-birthday-bound (BBB) security are not efficient, that is, a blockcipher is c…

Cited by 20 publications (8 citation statements)
References 26 publications
“…From the perspective of the design idea, at the beginning, COPA-PIC is designed in terms of tweakable blockciphers (TBCs), as TBC-based AE modes have more advantages than AE modes based on other primitives; particularly, their structure is clear and their proof is simple [19,22,[28][29][30][31]. In addition, TBCs can also be constructed by distinct primitives.…”
Section: Our Contributions (mentioning)
confidence: 99%
“…Here, K is an intermediate block cipher key determined by all but the last eight bits of the nonce, and Y is generated using K with the tweakable block cipher of Liskov, Rivest and Wagner used in counter mode with the last eight bits of the nonce as the initialization vector [7]. This is essentially using Naito's XKX beyond-birthday bound tweakable block cipher construction in counter-mode with a performance enhancement [8]. The XKX construction rekeys the block cipher for every nonce.…”
Section: Hashstream Constructions (mentioning)
confidence: 99%
“…This construction, however, suffers too badly from a birthday bound. To improve security, we adopt the strategy, reported by Naito, of changing the block cipher key with changes in the nonce [8]. To avoid updating the internal block cipher key with every application of Hashstream, we only update it when there are changes to the nonce outside the low eight bits.…”
Section: Hashstream Security (mentioning)
confidence: 99%
“…In addition, on-the-fly key scheduling should be implemented in resource-constrained devices because offline key scheduling implementation requires additional memory to store expanded round keys. Moreover, on-the-fly key scheduling is sometimes more important when implementing a block cipher with a tweak [4] (e.g., used in authenticated encryption), in some of which a temporal key is generated using a master key and a tweak unique for each block [5], [6]. Thus, it would be valuable to develop efficient AES architectures with on-the-fly key scheduling without block-wise pipelining techniques.…”
Section: Introduction (mentioning)
confidence: 99%