Paper 2024/084

Efficient Instances of Docked Double Decker With AES, and Application to Authenticated Encryption

Christoph Dobraunig, Intel (United States)
Krystian Matusiewicz, Intel (Poland)
Bart Mennink, Radboud University Nijmegen
Alexander Tereschenko, Intel (Poland)
Abstract

A tweakable wide blockcipher is a construction which behaves in the same way as a tweakable blockcipher, with the difference that the actual block size is flexible. Due to this feature, a tweakable wide blockcipher can be directly used as a strong encryption scheme that provides full diffusion when encrypting plaintexts to ciphertexts and vice versa. Furthermore, it can be the basis of authenticated encryption schemes fulfilling the strongest security notions. In this paper, we present three instantiations of the docked double decker tweakable wide blockcipher: $\mathit{ddd}\text{-}\mathit{AES}$, $\mathit{ddd}\text{-}\mathit{AES}^+$, and $\mathit{bbb}\text{-}\mathit{ddd}\text{-}\mathit{AES}$. These instances exclusively use similar building blocks as AES-GCM (AES and finite field multiplication), are designed for maximal parallelism, and hence, can make efficient use of existing hardware accelerators. $\mathit{ddd}\text{-}\mathit{AES}$ is a birthday bound secure scheme, and $\mathit{ddd}\text{-}\mathit{AES}^+$ is an immediate generalization to allow for variable length tweaks. $\mathit{bbb}\text{-}\mathit{ddd}\text{-}\mathit{AES}$ achieves security beyond the birthday bound provided that the same tweak is not used too often. Moreover, $\mathit{bbb}\text{-}\mathit{ddd}\text{-}\mathit{AES}$ builds upon a novel conditionally beyond birthday bound secure pseudorandom function, a tweakable variant of the XOR of permutations, facilitating in the need to include a tweak in the AES evaluations without sacrificing flexibility in docked double decker. We furthermore introduce an authenticated encryption mode $\mathit{aaa}$ specifically tailored to be instantiated with $\mathit{ddd}\text{-}\mathit{AES}$ and $\mathit{bbb}\text{-}\mathit{ddd}\text{-}\mathit{AES}$, where special attention is given to how the nonce and associated data can be processed. We prove that this mode is secure in the nonce-respecting setting, in the nonce-misuse setting, as well as in the setting where random nonces are used.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Preprint.
Keywords
symmetric cryptographytweakable wide blockcipherdocked double deckertweakable XOR of permutations
Contact author(s)
christoph dobraunig @ intel com
krystian matusiewicz @ intel com
b mennink @ cs ru nl
aleksandr v tereschenko @ intel com
History
2024-05-24: last of 2 revisions
2024-01-18: received
See all versions
Short URL
https://ia.cr/2024/084
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2024/084,
      author = {Christoph Dobraunig and Krystian Matusiewicz and Bart Mennink and Alexander Tereschenko},
      title = {Efficient Instances of Docked Double Decker With {AES}, and Application to Authenticated Encryption},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/084},
      year = {2024},
      url = {https://eprint.iacr.org/2024/084}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.