Cryptology ePrint Archive: Report 2019/1389

Generic Attack on Iterated Tweakable FX Constructions

Ferdinand Sibleyras

Abstract: Tweakable block ciphers are increasingly becoming a common primitive to build new resilient modes as well as a concept for multiple dedicated designs. While regular block ciphers define a family of permutations indexed by a secret key, tweakable ones define a family of permutations indexed by both a secret key and a public tweak. In this work we formalize and study a generic framework for building such a tweakable block cipher based on regular block ciphers, the iterated tweakable FX construction, which includes many such previous constructions of tweakable block ciphers. Then we describe a cryptanalysis from which we can derive a provable security upper-bound for all constructions following this tweakable iterated FX strategy. Concretely, the cryptanalysis of r rounds of our generic construction based on n-bit block ciphers with κ-bit keys requires O(2^{r(n + κ)/(r+1)}) online and offline queries. For r = 2 rounds this interestingly matches the proof of the particular case of XHX2 by Lee and Lee (ASIACRYPT 2018), thus proving for the first time its tightness. In turn, the XHX and XHX2 proofs show that our generic cryptanalysis is information-theoretically optimal for 1 and 2 rounds.

Category / Keywords: secret-key cryptography / Tweakable, Block Cipher, Provable Security, FX, Cryptanalysis, Optimality, XHX2

Original Publication (in the same form): CT-RSA

Date: received 2 Dec 2019

Contact author: ferdinand sibleyras at inria fr


Version: 20191204:081457

Short URL: ia.cr/2019/1389
