Paper 2021/1340

TEDT2 - Highly Secure Leakage-resilient TBC-based Authenticated Encryption

Eik List

Abstract

Leakage-resilient authenticated encryption (AE) schemes received considerable attention during the previous decade. Two core security models of bounded and unbounded leakage have evolved, where the latter has been motivated in a very detailed and practice-oriented manner. In that setting, designers often build schemes based on (tweakable) block ciphers due to the small state size, such as the recent two-pass AE scheme TEDT from TCHES 1/2020. TEDT is interesting due to its high security guarantees of O(n - log(n^2))-bit integrity under leakage and similar AE security in the black-box setting. Though, a detail limited it to provide only n/2-bit privacy under leakage. In this work, we extend TEDT to TEDT2 in three aspects with the help of a tweakable block cipher with a 3n-bit tweakey: we (1) adopt the idea from the design team of Romulus of replacing TEDT's previous internal hash function with Naito's MDPH, (2) move the nonce from the hash to the tag-generation function both for more efficiency, and (3) strengthen the security of the encryption to obtain beyond-birthday-bound security also under leakage.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Preprint. Minor revision.
Keywords
Symmetric-key cryptographyauthenticated encryptionprovable securityleakage resilience
Contact author(s)
eik list @ uni-weimar de
History
2021-10-05: received
Short URL
https://ia.cr/2021/1340
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2021/1340,
      author = {Eik List},
      title = {TEDT2 - Highly Secure Leakage-resilient TBC-based Authenticated Encryption},
      howpublished = {Cryptology ePrint Archive, Paper 2021/1340},
      year = {2021},
      note = {\url{https://eprint.iacr.org/2021/1340}},
      url = {https://eprint.iacr.org/2021/1340}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.