Paper 2023/924

Generalized Initialization of the Duplex Construction

Christoph Dobraunig, Intel (United States)
Bart Mennink, Radboud University Nijmegen
Abstract

The duplex construction is already well analyzed, with many papers proving its security in the random permutation model. However, so far, the first phase of the duplex, where the state is initialized with a secret key and an initialization vector ($\mathit{IV}$), is typically analyzed in a worst-case manner. More specifically, it is always assumed that the adversary may choose the $\mathit{IV}$ at will. In this paper, we analyze how the security changes if restrictions on the choice of the $\mathit{IV}$ are imposed, ranging from the global nonce case, over the random $\mathit{IV}$ case, to the $\mathit{IV}$ on key case. The last one, in particular, is the duplex analogue of the use of a nonce masked with a secret in AES-GCM in TLS 1.3. We apply our findings to duplex-based encryption and authenticated encryption, and discuss the practical applications of our results.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Preprint.
Keywords
symmetric cryptography, duplex construction, initialization vector, nonce
Contact author(s)
christoph dobraunig @ intel com
b mennink @ cs ru nl
History
2023-06-14: approved
2023-06-13: received
Short URL
https://ia.cr/2023/924
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2023/924,
      author = {Christoph Dobraunig and Bart Mennink},
      title = {Generalized Initialization of the Duplex Construction},
      howpublished = {Cryptology {ePrint} Archive, Paper 2023/924},
      year = {2023},
      url = {https://eprint.iacr.org/2023/924}
}