### Generic Attack on Iterated Tweakable FX Constructions

Ferdinand Sibleyras

##### Abstract

Tweakable block ciphers are increasingly becoming a common primitive to build new resilient modes as well as a concept for multiple dedicated designs. While regular block ciphers define a family of permutations indexed by a secret key, tweakable ones define a family of permutations indexed by both a secret key and a public tweak. In this work we formalize and study a generic framework for building such a tweakable block cipher based on regular block ciphers, the iterated tweakable FX construction, which includes many such previous constructions of tweakable block ciphers. Then we describe a cryptanalysis from which we can derive a provable security upper-bound for all constructions following this tweakable iterated FX strategy. Concretely, the cryptanalysis of r rounds of our generic construction based on n-bit block ciphers with \kap-bit keys requires O(2^{r(n + \kap)/(r+1)}) online and offline queries. For r = 2 rounds this interestingly matches the proof of the particular case of XHX2 by Lee and Lee (ASIACRYPT 2018) thus proving for the first time its tightness. In turn, the XHX and XHX2 proofs show that our generic cryptanalysis is information theoretically optimal for 1 and 2 rounds.

##### Metadata
Available format(s)
Category
Secret-key cryptography
Publication info
Published elsewhere. CT-RSA
Keywords
TweakableBlock CipherProvable SecurityFXCryptanalysisOptimalityXHX2
Contact author(s)
ferdinand sibleyras @ inria fr
History
2019-12-04: received
Short URL
https://ia.cr/2019/1389
License

CC BY

BibTeX

@misc{cryptoeprint:2019/1389,
author = {Ferdinand Sibleyras},
title = {Generic Attack on Iterated Tweakable FX Constructions},
howpublished = {Cryptology ePrint Archive, Paper 2019/1389},
year = {2019},
note = {\url{https://eprint.iacr.org/2019/1389}},
url = {https://eprint.iacr.org/2019/1389}
}

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.