Cryptology ePrint Archive: Report 2015/999
Improved Masking for Tweakable Blockciphers with Applications to Authenticated Encryption
Robert Granger and Philipp Jovanovic and Bart Mennink and Samuel Neves
Abstract: A popular approach to tweakable blockcipher design is via masking, where a certain primitive (a blockcipher or a permutation) is preceded and followed by an easy-to-compute tweak-dependent mask. In this work, we revisit the principle of masking. We do so alongside the introduction of the tweakable Even-Mansour construction MEM. Its masking function combines the advantages of word-oriented LFSR- and powering-up-based methods. We show in particular how recent advancements in computing discrete logarithms over finite fields of characteristic 2 can be exploited in a constructive way to realize highly efficient, constant-time masking functions. If the masking satisfies a set of simple conditions, then MEM is a secure tweakable blockcipher up to the birthday bound. The strengths of MEM are exhibited by the design of fully parallelizable authenticated encryption schemes OPP (nonce-respecting) and MRO (misuse-resistant). If instantiated with a reduced-round BLAKE2b permutation, OPP and MRO achieve speeds up to 0.55 and 1.06 cycles per byte on the Intel Haswell microarchitecture, and are able to
significantly outperform their closest competitors.
Category / Keywords: Tweakable Even-Mansour, masking, optimization, discrete logarithms, authenticated encryption, BLAKE2
Original Publication (with major differences): IACR-EUROCRYPT-2016
Date: received 14 Oct 2015, last revised 2 Mar 2016
Contact author: philipp jovanovic at epfl ch
Available format(s): PDF | BibTeX Citation
Note: Full version of the EUROCRYPT 2016 paper.
Version: 20160302:180918 (All versions of this report)
Short URL: ia.cr/2015/999
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]