Paper 2021/1441

Length-preserving encryption with HCTR2

Paul Crowley, Nathan Huckleberry, and Eric Biggers

Abstract

On modern processors HCTR is one of the most efficient constructions for building a tweakable super-pseudorandom permutation. However, a bug in the specification and another in Chakraborty and Nandi's security proof invalidate the claimed security bound. We here present HCTR2, which fixes these issues and improves the security bound, performance and flexibility. GitHub: https://github.com/google/hctr2

Note: Greater discussion of alternatives and some small clarifications, especially clarifying the role of pointless queries in the proof. See https://github.com/google/hctr2/tags to compare precise differences.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Preprint. Minor revision.
Keywords
length-preserving encryption, super-pseudorandom permutation, variable input length, tweakable encryption, disk encryption
Contact author(s)
paulcrowley @ google com
nhuck @ google com
ebiggers @ google com
History
2022-01-24: revised
2021-10-27: received
Short URL
https://ia.cr/2021/1441
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2021/1441,
      author = {Paul Crowley and Nathan Huckleberry and Eric Biggers},
      title = {Length-preserving encryption with HCTR2},
      howpublished = {Cryptology ePrint Archive, Paper 2021/1441},
      year = {2021},
      note = {\url{https://eprint.iacr.org/2021/1441}},
      url = {https://eprint.iacr.org/2021/1441}
}