Version 20160903:182510 of this paper.

Paper 2015/485

Turning Online Ciphers Off

Elena Andreeva and Guy Barwell and Ritam Bhaumik and Mridul Nandi and Dan Page and Martijn Stam

Abstract

CAESAR has caused a heated discussion regarding the merits of one-pass encryption and online ciphers. The latter is a keyed, length-preserving function which outputs ciphertext blocks as soon as the respective plaintext block is available as input. The immediacy of an online cipher gives a clear performance advantage, yet it comes at a price. Since ciphertext blocks cannot depend on later plaintext blocks, diffusion, and hence security, is limited. We show how one can attain the best of both worlds by providing provably secure constructions, achieving full cipher security, based on applications of an online cipher around blockwise reordering layers. Explicitly, we show that with just two calls to the online cipher, PRP security up to the birthday bound is both attainable and maximal. Moreover, we demonstrate that three calls to the online cipher suffice to obtain beyond-birthday-bound security. We provide a full proof of this for a PRP construction, and, in the ±PRP setting, security against adversaries who make queries of any single length. As part of our investigation, we extend an observation by Rogaway and Zhang by further highlighting the close relationship between online ciphers and tweakable blockciphers with variable-length tweaks.
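The abstract's two points (an online cipher leaks common plaintext prefixes because each ciphertext block depends only on the blocks before it, and wrapping a reordering layer between two online-cipher calls removes that limitation) can be made concrete with a small runnable illustration. The following Python is an added example, not code from the paper or its authors. It uses deterministic CBC with a fixed all-zero IV as a stand-in online cipher, a toy 8-byte Feistel cipher built from SHA-256 as the underlying blockcipher (illustration only, not a secure primitive), and block reversal as the reordering layer; the reversal layer, the two keys and the sample plaintexts are assumptions of this example, and nothing here reproduces the paper's actual constructions or their security proofs.

```python
import hashlib

BLOCK = 8    # toy block size in bytes (illustration only)
ROUNDS = 6   # Feistel rounds of the toy blockcipher


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key, rnd, half):
    # Keyed round function: truncated SHA-256 of (key, round index, half block).
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]


def toy_block_encrypt(key, block):
    # Balanced Feistel network: a keyed permutation on BLOCK-byte strings.
    l, r = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in range(ROUNDS):
        l, r = r, _xor(l, _round(key, rnd, r))
    return l + r


def toy_block_decrypt(key, block):
    l, r = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in reversed(range(ROUNDS)):
        l, r = _xor(r, _round(key, rnd, l)), l
    return l + r


def online_encrypt(key, blocks):
    # Deterministic CBC with a zero IV: ciphertext block i depends only on
    # plaintext blocks 0..i, which is exactly the online-cipher property.
    out, prev = [], bytes(BLOCK)
    for p in blocks:
        c = toy_block_encrypt(key, _xor(p, prev))
        out.append(c)
        prev = c
    return out


def online_decrypt(key, blocks):
    out, prev = [], bytes(BLOCK)
    for c in blocks:
        out.append(_xor(toy_block_decrypt(key, c), prev))
        prev = c
    return out


def reorder(blocks):
    # Assumed reordering layer for this example: reverse the block order.
    return list(reversed(blocks))


def two_pass_encrypt(key1, key2, blocks):
    # Online cipher, reordering layer, online cipher again (two calls).
    return online_encrypt(key2, reorder(online_encrypt(key1, blocks)))


def two_pass_decrypt(key1, key2, blocks):
    # Inverse: undo the second pass, undo the reversal, undo the first pass.
    return online_decrypt(key1, reorder(online_decrypt(key2, blocks)))


def split_blocks(data):
    assert len(data) % BLOCK == 0
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def common_prefix_blocks(a, b):
    # Number of leading ciphertext blocks the two outputs share.
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n


def demo():
    # Constructed keys and plaintexts; the two messages differ only in the last block.
    k1, k2 = b"key1-constructed", b"key2-constructed"
    p = split_blocks(b"block-00block-01block-02block-03")
    q = p[:3] + [b"block-XX"]
    one_pass = common_prefix_blocks(online_encrypt(k1, p), online_encrypt(k1, q))
    two_pass = common_prefix_blocks(two_pass_encrypt(k1, k2, p),
                                    two_pass_encrypt(k1, k2, q))
    roundtrip = two_pass_decrypt(k1, k2, two_pass_encrypt(k1, k2, p)) == p
    return one_pass, two_pass, roundtrip


if __name__ == "__main__":
    print(demo())   # (3, 0, True)
```

With a single online-cipher pass the first three ciphertext blocks of the two messages coincide, so an observer learns that the plaintexts share a three-block prefix. After the reversal layer the differing block is processed first by the second pass, and because the underlying toy cipher is a permutation every subsequent block differs as well, so the shared prefix is no longer visible. The roundtrip check confirms the two-pass construction is still a length-preserving, invertible map; the PRP bounds stated in the abstract are the paper's contribution and are not demonstrated by this toy.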

Metadata
Available format(s)
PDF
Publication info
Preprint. MINOR revision.
Keywords
beyond birthday bound, online ciphers, modes of operation, provable security, pseudorandom permutation, tweakable blockcipher
Contact author(s)
guy barwell+TOCO @ bristol ac uk
History
2017-05-25: last of 3 revisions
2015-05-21: received
Short URL
https://ia.cr/2015/485
License
Creative Commons Attribution
CC BY