Paper 2019/339

Lightweight Authenticated Encryption Mode of Operation for Tweakable Block Ciphers

Yusuke Naito and Takeshi Sugawara


The use of a small block length is a common strategy when designing lightweight (tweakable) block ciphers (TBCs), and several $64$-bit primitives have been proposed. However, when such a $64$-bit primitive is used for an authenticated encryption with birthday-bound security, it has only $32$-bit data complexity, which is subject to practical attacks. To employ a short block length without compromising security, we propose PFB, a lightweight TBC-based authenticated encryption with associated data mode, which achieves beyond birthday-bound security. For this purpose, we extend iCOFB, which is originally defined with a tweakable random function. Unlike iCOFB, the proposed method can be instantiated with a TBC using a fixed tweak length and can handle variable-length data. Moreover, its security bound is improved and independent of the data length; this improves the key lifetime, particularly in lightweight blocks with a small size. The proposed method also covers a broader class of feedback functions because of the generalization presented in our proof. We evaluate the concrete hardware performances of PFB, which benefits from the small block length and shows particularly good performances in threshold implementation.

Note: [11/4/2019] fix several typos and update the appendix; [5/6/2019] change the security notions and add comparisons between FBAE and Romulus; [28/6/2019] update Sec.1.4; [14/10/2019] TCHES 2020 Issue 1 version.

Available format(s)
Secret-key cryptography
Publication info
Published by the IACR in TCHES 2020
Authenticated encryptionbeyond-birthday-bound securitytweakable block- cipherlightweightthreshold implementation
Contact author(s)
Naito Yusuke @ ce mitsubishielectric co jp
2019-10-14: last of 5 revisions
2019-04-03: received
See all versions
Short URL
Creative Commons Attribution


      author = {Yusuke Naito and Takeshi Sugawara},
      title = {Lightweight Authenticated Encryption Mode of Operation for Tweakable Block Ciphers},
      howpublished = {Cryptology ePrint Archive, Paper 2019/339},
      year = {2019},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.