Paper 2022/1340

Understanding the Duplex and Its Security

Bart Mennink, Radboud University Nijmegen

At SAC 2011, Bertoni et al. introduced the keyed duplex construction as a tool to build permutation based authenticated encryption schemes. The construction was generalized to full-state absorption by Mennink et al. (ASIACRYPT 2015). Daemen et al. (ASIACRYPT 2017) generalized it further to cover much more use cases, and proved security of this general construction, and Dobraunig and Mennink (ASIACRYPT 2019) derived a leakage resilience security bound for this construction. Due to its generality, the full-state keyed duplex construction that we know today has plethora applications, but the flip side of the coin is that the general construction is hard to grasp and the corresponding security bounds are very complex. Consequently, the state-of-the-art results on the full-state keyed duplex construction are not used to the fullest. In this work, we revisit the history of the duplex construction, give a comprehensive discussion of its possibilities and limitations, and demonstrate how the two security bounds (of Daemen et al. and Dobraunig and Mennink) can be interpreted in particular applications of the duplex.

Note: 21/10/2022: three minor changes. 24/02/2023: minor improvements. 23/05/2023: final version ToSC.

Available format(s)
Secret-key cryptography
Publication info
Published by the IACR in TOSC 2023
spongeduplexpermutationapplicationsMACauthenticated encryption
Contact author(s)
b mennink @ cs ru nl
2023-05-23: last of 3 revisions
2022-10-07: received
See all versions
Short URL
Creative Commons Attribution


      author = {Bart Mennink},
      title = {Understanding the Duplex and Its Security},
      howpublished = {Cryptology ePrint Archive, Paper 2022/1340},
      year = {2022},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.