Paper 2024/084

Efficient Instances of Docked Double Decker With AES, and Application to Authenticated Encryption

Christoph Dobraunig, Intel (United States)
Krystian Matusiewicz, Intel (Poland)
Bart Mennink, Radboud University Nijmegen
Alexander Tereschenko, Intel (Poland)

A tweakable wide blockcipher is a construction which behaves in the same way as a tweakable blockcipher, with the difference that the actual block size is flexible. Due to this feature, a tweakable wide blockcipher can be directly used as a strong encryption scheme that provides full diffusion when encrypting plaintexts to ciphertexts and vice versa. Furthermore, it can be the basis of authenticated encryption schemes fulfilling the strongest security notions. In this paper, we present two instantiations of the docked double decker tweakable wide blockcipher: $\mathit{ddd}\text{-}\mathit{AES}$ and $\mathit{bbb}\text{-}\mathit{ddd}\text{-}\mathit{AES}$. Both instances exclusively use similar building blocks as AES-GCM (AES and finite field multiplication), are designed for maximal parallelism, and hence, can make efficient use of existing hardware accelerators. Moreover, $\mathit{bbb}\text{-}\mathit{ddd}\text{-}\mathit{AES}$ builds upon a novel beyond birthday bound secure pseudorandom function, a tweakable variant of the XOR of permutations, facilitating in the need to include a tweak in the AES evaluations without sacrificing flexibility in docked double decker. We furthermore introduce an authenticated encryption mode $\mathit{aaa}$ specifically tailored to be instantiated with $\mathit{ddd}\text{-}\mathit{AES}$ and $\mathit{bbb}\text{-}\mathit{ddd}\text{-}\mathit{AES}$, where special attentions is given to how the nonce and associated data can be processed. We prove that this mode is secure both in the nonce-respecting setting as well as in the setting where random nonces are used.

Available format(s)
Secret-key cryptography
Publication info
symmetric cryptographytweakable wide blockcipherdocked double deckertweakable XOR of permutations
Contact author(s)
christoph dobraunig @ intel com
krystian matusiewicz @ intel com
b mennink @ cs ru nl
aleksandr v tereschenko @ intel com
2024-02-16: revised
2024-01-18: received
See all versions
Short URL
Creative Commons Attribution


      author = {Christoph Dobraunig and Krystian Matusiewicz and Bart Mennink and Alexander Tereschenko},
      title = {Efficient Instances of Docked Double Decker With AES, and Application to Authenticated Encryption},
      howpublished = {Cryptology ePrint Archive, Paper 2024/084},
      year = {2024},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.