Paper 2024/1237
Efficient Variants of TNT with BBB Security
Abstract
At EUROCRYPT'20, Bao et al. showed that the three-round cascade of the $\textsf{LRW1}$ construction, which they dubbed $\textsf{TNT}$, is a strong tweakable pseudorandom permutation that provably achieves a $2n/3$-bit security bound. At EUROCRYPT'24, Jha et al. showed a birthday-bound distinguishing attack on $\textsf{TNT}$, invalidating the proven security bound, and proved tight birthday-bound security for the $\textsf{TNT}$ construction. In a recent work, Datta et al. showed that the four-round cascade of the $\textsf{LRW1}$ construction, which they dubbed $\textsf{CLRW1}^4$, is a strong tweakable pseudorandom permutation that provably achieves $3n/4$-bit security. In this paper, we propose a variant of the $\textsf{TNT}$ construction, called $\textsf{b-TNT1}$, and prove its security up to $2^{3n/4}$ queries. However, unlike $\textsf{CLRW1}^4$, $\textsf{b-TNT1}$ requires three block cipher calls along with a field multiplication. We also propose another variant of the $\textsf{TNT}$ construction, called $\textsf{b-TNT2}$, and show a similar security bound. Compared to $\textsf{b-TNT1}$, $\textsf{b-TNT2}$ requires four block cipher calls. Nevertheless, its block cipher calls can be pipelined, which makes it more efficient than $\textsf{CLRW1}^4$. We have also experimentally verified that both $\textsf{b-TNT1}$ and $\textsf{b-TNT2}$ outperform $\textsf{CLRW1}^4$.
Note: This is the full version of the paper to appear in ProvSec 2024, with additional appendices.
Metadata
- Category
- Secret-key cryptography
- Publication info
- Published elsewhere. Minor revision. ProvSec 2024
- Keywords
- TBC, Tweak-aNd-Tweak, Cascaded LRW1, BBB Security, Mirror Theory
- Contact author(s)
-
bhaumik ritam @ gmail com
choi935 @ purdue edu
avirocks dutta13 @ gmail com
cuauhtemoc mancillas83 @ gmail com
hrithik nandi 85 @ tcgcrest org
yaobins180 @ gmail com
- History
- 2024-08-05: revised
- 2024-08-04: received
- Short URL
- https://ia.cr/2024/1237
- License
- CC0
BibTeX
@misc{cryptoeprint:2024/1237,
      author = {Ritam Bhaumik and Wonseok Choi and Avijit Dutta and Cuauhtemoc Mancillas López and Hrithik Nandi and Yaobin Shen},
      title = {Efficient Variants of {TNT} with {BBB} Security},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/1237},
      year = {2024},
      url = {https://eprint.iacr.org/2024/1237}
}