Paper 2018/819
ZCZ - Achieving n-bit SPRP Security with a Minimal Number of Tweakable-block-cipher Calls
Ritam Bhaumik, Eik List, and Mridul Nandi
Abstract
Strong Pseudo-random Permutations (SPRPs) are important for various applications. In general, it is desirable to base an SPRP on a single-keyed primitive for minimizing the implementation costs. For constructions built on classical block ciphers, Nandi showed at ASIACRYPT'15 that at least two calls to the primitive per processed message block are required for SPRP security, assuming that all further operations are linear. The ongoing trend of using tweakable block ciphers as primitive has already led to MACs or encryption modes with high security and efficiency properties. Thus, three interesting research questions are hovering in the domain of SPRPs: (1) if and to which extent the bound of two calls per block can be reduced with a tweakable block cipher, (2) how concrete constructions could be realized, and (3) whether full
Note: Revised the proofs of the bad events. Added details of an instantiation and its implementation. Changed to major differences from the proceedings version.
Metadata
- Category
- Secret-key cryptography
- Publication info
- A minor revision of an IACR publication in ASIACRYPT 2018
- Keywords
- n-bit security, beyond birthday bound, tweakable blockcipher, sprp, zhash
- Contact author(s)
- bhaumik ritam @ gmail com
- History
- 2018-10-15: revised
- 2018-09-06: received
- Short URL
- https://ia.cr/2018/819
- License
- CC BY
BibTeX
@misc{cryptoeprint:2018/819,
  author = {Ritam Bhaumik and Eik List and Mridul Nandi},
  title = {{ZCZ} - Achieving n-bit {SPRP} Security with a Minimal Number of Tweakable-block-cipher Calls},
  howpublished = {Cryptology {ePrint} Archive, Paper 2018/819},
  year = {2018},
  url = {https://eprint.iacr.org/2018/819}
}