Cryptology ePrint Archive: Report 2019/339

Lightweight Authenticated Encryption Mode of Operation for Tweakable Block Ciphers

Yusuke Naito and Takeshi Sugawara

Abstract: The use of a small block length is a common strategy when designing lightweight (tweakable) block ciphers (TBCs), and several $64$-bit primitives have been proposed. However, when such a $64$-bit primitive is used for an authenticated encryption with birthday-bound security, it has only $32$-bit data complexity, which is subject to practical attacks. To employ a short block length without compromising security, we propose PFB, a lightweight TBC-based authenticated encryption with associated data mode, which achieves beyond birthday-bound security. For this purpose, we extend iCOFB, which is originally defined with a tweakable random function. Unlike iCOFB, the proposed method can be instantiated with a TBC using a fixed tweak length and can handle variable-length data. Moreover, its security bound is improved and independent of the data length; this improves the key lifetime, particularly in lightweight blocks with a small size. The proposed method also covers a broader class of feedback functions because of the generalization presented in our proof. We evaluate the concrete hardware performances of PFB, which benefits from the small block length and shows particularly good performances in threshold implementation.

Category / Keywords: secret-key cryptography / Authenticated encryption, beyond-birthday-bound security, tweakable block- cipher, lightweight, threshold implementation

Original Publication (in the same form): IACR-CHES-2020

Date: received 29 Mar 2019, last revised 14 Oct 2019

Contact author: Naito Yusuke at ce MitsubishiElectric co jp

Available format(s): PDF | BibTeX Citation

Note: [11/4/2019] fix several typos and update the appendix; [5/6/2019] change the security notions and add comparisons between FBAE and Romulus; [28/6/2019] update Sec.1.4; [14/10/2019] TCHES 2020 Issue 1 version.

Version: 20191014:114339 (All versions of this report)

Short URL: ia.cr/2019/339


[ Cryptology ePrint archive ]