Paper 2024/084
Efficient Instances of Docked Double Decker With AES, and Application to Authenticated Encryption
Abstract
A tweakable wide blockcipher is a construction which behaves in the same way as a tweakable blockcipher, with the difference that the actual block size is flexible. Due to this feature, a tweakable wide blockcipher can be directly used as a strong encryption scheme that provides full diffusion when encrypting plaintexts to ciphertexts and vice versa. Furthermore, it can be the basis of authenticated encryption schemes fulfilling the strongest security notions. In this paper, we present three instantiations of the docked double decker tweakable wide blockcipher: $\mathit{ddd}\text{-}\mathit{AES}$, $\mathit{ddd}\text{-}\mathit{AES}^+$, and $\mathit{bbb}\text{-}\mathit{ddd}\text{-}\mathit{AES}$. These instances exclusively use similar building blocks as AES-GCM (AES and finite field multiplication), are designed for maximal parallelism, and hence, can make efficient use of existing hardware accelerators. $\mathit{ddd}\text{-}\mathit{AES}$ is a birthday bound secure scheme, and $\mathit{ddd}\text{-}\mathit{AES}^+$ is an immediate generalization to allow for variable length tweaks. $\mathit{bbb}\text{-}\mathit{ddd}\text{-}\mathit{AES}$ achieves security beyond the birthday bound provided that the same tweak is not used too often. Moreover, $\mathit{bbb}\text{-}\mathit{ddd}\text{-}\mathit{AES}$ builds upon a novel conditionally beyond birthday bound secure pseudorandom function, a tweakable variant of the XOR of permutations, facilitating in the need to include a tweak in the AES evaluations without sacrificing flexibility in docked double decker. We furthermore introduce an authenticated encryption mode $\mathit{aaa}$ specifically tailored to be instantiated with $\mathit{ddd}\text{-}\mathit{AES}$ and $\mathit{bbb}\text{-}\mathit{ddd}\text{-}\mathit{AES}$, where special attention is given to how the nonce and associated data can be processed. We prove that this mode is secure in the nonce-respecting setting, in the nonce-misuse setting, as well as in the setting where random nonces are used.
Metadata
- Available format(s)
- Category
- Secret-key cryptography
- Publication info
- Preprint.
- Keywords
- symmetric cryptographytweakable wide blockcipherdocked double deckertweakable XOR of permutations
- Contact author(s)
-
christoph dobraunig @ intel com
krystian matusiewicz @ intel com
b mennink @ cs ru nl
aleksandr v tereschenko @ intel com - History
- 2024-05-24: last of 2 revisions
- 2024-01-18: received
- See all versions
- Short URL
- https://ia.cr/2024/084
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2024/084, author = {Christoph Dobraunig and Krystian Matusiewicz and Bart Mennink and Alexander Tereschenko}, title = {Efficient Instances of Docked Double Decker With {AES}, and Application to Authenticated Encryption}, howpublished = {Cryptology {ePrint} Archive, Paper 2024/084}, year = {2024}, url = {https://eprint.iacr.org/2024/084} }