Paper 2022/1670

Compactly Committing Authenticated Encryption Using Encryptment and Tweakable Block Cipher

Shoichi Hirose, University of Fukui
Kazuhiko Minematsu, NEC (Japan), Yokohama National University

Facebook introduced message franking to enable users to report abusive content verifiably in end-to-end encrypted messaging. Grubbs et al. formalized the underlying primitive called compactly committing authenticated encryption with associated data (ccAEAD) and presented schemes with provable security. Dodis et al. proposed a core building block called encryptment and presented a generic construction of ccAEAD with encryptment and standard AEAD. This paper first proposes to use a tweakable block cipher instead of AEAD for the generic construction of Dodis et al. In the security analysis of the proposed construction, its ciphertext integrity is shown to require a new but feasible assumption on the ciphertext integrity of encryptment. Then, this paper formalizes remotely keyed ccAEAD (RK ccAEAD) and shows that the proposed construction works as RK ccAEAD. Finally, the confidentiality of the proposed construction as RK ccAEAD is shown to require a new variant of confidentiality for encryptment. The problem of remotely keyed encryption was posed by Blaze in 1996. It is now related to the problem of designing a cryptographic scheme using a trusted module and/or with leakage resiliency.

Available format(s)
Secret-key cryptography
Publication info
Authenticated encryption Commitment Tweakable block cipher Remotely keyed encryption
Contact author(s)
hrs_shch @ u-fukui ac jp
k-minematsu @ nec com
2022-12-02: approved
2022-12-01: received
See all versions
Short URL
Creative Commons Attribution


      author = {Shoichi Hirose and Kazuhiko Minematsu},
      title = {Compactly Committing Authenticated Encryption Using Encryptment and Tweakable Block Cipher},
      howpublished = {Cryptology ePrint Archive, Paper 2022/1670},
      year = {2022},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.