Paper 2019/1389
Generic Attack on Iterated Tweakable FX Constructions
Ferdinand Sibleyras
Abstract
Tweakable block ciphers are increasingly becoming a common primitive to build new resilient modes as well as a concept for multiple dedicated designs. While regular block ciphers define a family of permutations indexed by a secret key, tweakable ones define a family of permutations indexed by both a secret key and a public tweak. In this work we formalize and study a generic framework for building such a tweakable block cipher based on regular block ciphers, the iterated tweakable FX construction, which includes many such previous constructions of tweakable block ciphers. Then we describe a cryptanalysis from which we can derive a provable security upper-bound for all constructions following this tweakable iterated FX strategy. Concretely, the cryptanalysis of r rounds of our generic construction based on n-bit block ciphers with κ-bit keys requires O(2^{r(n + κ)/(r+1)}) online and offline queries. For r = 2 rounds this interestingly matches the proof of the particular case of XHX2 by Lee and Lee (ASIACRYPT 2018), thus proving for the first time its tightness. In turn, the XHX and XHX2 proofs show that our generic cryptanalysis is information theoretically optimal for 1 and 2 rounds.
Metadata
- Category
- Secret-key cryptography
- Publication info
- Published elsewhere: CT-RSA
- Keywords
- Tweakable Block Cipher, Provable Security, FX, Cryptanalysis, Optimality, XHX2
- Contact author(s)
- ferdinand sibleyras @ inria fr
- History
- 2019-12-04: received
- Short URL
- https://ia.cr/2019/1389
- License
- CC BY
BibTeX
@misc{cryptoeprint:2019/1389,
  author = {Ferdinand Sibleyras},
  title = {Generic Attack on Iterated Tweakable {FX} Constructions},
  howpublished = {Cryptology {ePrint} Archive, Paper 2019/1389},
  year = {2019},
  url = {https://eprint.iacr.org/2019/1389}
}