Paper 2024/2049

BBB Secure Arbitrary Length Tweak TBC from n-bit Block Ciphers

Arghya Bhattacharjee, University of Luxembourg, Luxembourg
Ritam Bhaumik, EPFL, Lausanne, Switzerland, Technology Innovation Institute, Abu Dhabi, United Arab Emirates
Nilanjan Datta, Institute for Advancing Intelligence, TCG-CREST, Kolkata, India
Avijit Dutta, Institute for Advancing Intelligence, TCG-CREST, Kolkata, India
Shibam Ghosh, INRIA, Paris, France
Sougata Mandal, Institute for Advancing Intelligence, TCG-CREST, Kolkata, India, Ramakrishna Mission Vivekananda Educational and Research Institute, Belur, India
Abstract

At FSE'15, Mennink introduced the concept of designing beyond-birthday-bound secure tweakable block ciphers from an ideal block cipher. They proposed two tweakable block ciphers and that accept -bit tweaks using a block cipher of -bit key and -bit data. Mennink proved that the constructions achieve security up to and queries, respectively, assuming the underlying block cipher is ideal. Later, at ASIACRYPT'16, Wang et al. proposed a class of new tweakable block ciphers derived from -bit ideal block ciphers that achieve optimal security, i.e., security up to queries. The designs proposed by both Mennink and Wang et al. admit only -bit tweaks. At FSE'23, Shen and Standaert proposed a tweakable block cipher that accepts -bit tweaks and achieves security up to queries. Their construction uses three block cipher calls, which was shown to be optimal for beyond-birthday-bound secure tweakable block ciphers accepting -bit tweaks. In this paper, we extend this line of research and consider designing tweakable block ciphers supporting -bit tweaks from an ideal block cipher. First, we show that there is a generic birthday-bound distinguishing attack on any such design with three block cipher calls if any of the block cipher keys is tweak-independent. We then propose a tweakable block cipher , which leverages three block cipher calls with each key being dependent on the tweak. We demonstrate that achieve security up to queries. Furthermore, we extend this result and propose an optimally secure construction, dubbed , that uses four ideal block cipher calls with only one tweak-dependent key. Finally, we generalize this and propose an optimally secure tweakable block cipher that processes -bit tweaks using block cipher invocations with only one tweak-dependent block cipher key. Our experimental evaluation asserts that ZMAC instantiated with and (i.e., with ) performs better than all the existing ideal-cipher-based TBC candidates.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Preprint.
Keywords
Tweakable Block Cipher, Optimal Security, Beyond Birthday Bound, Ideal Cipher Model, H-Coefficient Technique
Contact author(s)
bhattacharjeearghya29 @ gmail com
bhaumik ritam @ gmail com
nilanjan datta @ tcgcrest org
avirocks dutta13 @ gmail com
shibam ghosh @ inria fr
sougatamandal2014 @ gmail com
History
2025-03-03: revised
2024-12-19: received
Short URL
https://ia.cr/2024/2049
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2024/2049,
      author = {Arghya Bhattacharjee and Ritam Bhaumik and Nilanjan Datta and Avijit Dutta and Shibam Ghosh and Sougata Mandal},
      title = {{BBB} Secure Arbitrary Length Tweak {TBC} from n-bit Block Ciphers},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/2049},
      year = {2024},
      url = {https://eprint.iacr.org/2024/2049}
}