Paper 2019/339

Lightweight Authenticated Encryption Mode of Operation for Tweakable Block Ciphers

Yusuke Naito and Takeshi Sugawara

Abstract

The use of a small block length is a common strategy when designing lightweight (tweakable) block ciphers (TBCs), and several $64$-bit primitives have been proposed. However, when such a $64$-bit primitive is used for an authenticated encryption with birthday-bound security, it has only $32$-bit data complexity, which is subject to practical attacks. To employ a short block length without compromising security, we propose PFB, a lightweight TBC-based authenticated encryption with associated data mode, which achieves beyond birthday-bound security. For this purpose, we extend iCOFB, which is originally defined with a tweakable random function. Unlike iCOFB, the proposed method can be instantiated with a TBC using a fixed tweak length and can handle variable-length data. Moreover, its security bound is improved and independent of the data length; this improves the key lifetime, particularly in lightweight blocks with a small size. The proposed method also covers a broader class of feedback functions because of the generalization presented in our proof. We evaluate the concrete hardware performances of PFB, which benefits from the small block length and shows particularly good performances in threshold implementation.

Note: [11/4/2019] fix several typos and update the appendix; [5/6/2019] change the security notions and add comparisons between FBAE and Romulus; [28/6/2019] update Sec.1.4; [14/10/2019] TCHES 2020 Issue 1 version.