Abstract
In this work, we propose a construction of 2-round tweakable substitution-permutation networks using a single secret S-box. This construction is based on non-linear permutation layers using independent round keys, and achieves security beyond the birthday bound in the random permutation model. When instantiated with an n-bit block cipher with κ-bit keys, the resulting tweakable block cipher, dubbed CTET+, can be viewed as a tweakable enciphering scheme that encrypts wn-bit messages for any integer w ≥ 2 using 5n + κ-bit keys and n-bit tweaks, providing 2n/3-bit security.

Compared to the 2-round non-linear SPN analyzed in [CDK+18], we both minimize it by requiring a single permutation and weaken the requirements on the middle linear layer, allowing better performance. As a result, CTET+ becomes the first tweakable enciphering scheme that provides beyond-birthday-bound security using a single permutation, while its efficiency remains comparable to existing schemes including AES-XTS, EME, XCB and TET. Furthermore, we propose a new tweakable enciphering scheme, dubbed AES6-CTET+, which is an actual instantiation of CTET+ using a reduced-round AES block cipher as the underlying secret S-box. Extensive cryptanalysis of this algorithm allows us to claim 127 bits of security.

Such tweakable enciphering schemes with huge block sizes are desirable in the context of disk encryption: processing a whole sector as a single block significantly worsens the granularity available to an attacker when compared to, for example, AES-XTS, which treats every 16-byte block on the disk independently. Besides, as a huge amount of data is being stored and encrypted at rest under many different keys in clouds, beyond-birthday-bound security will most likely become necessary in the short term.
Highlights
Block ciphers are mainly built around a complex function or permutation on a small domain, which is extended to a keyed permutation on a larger domain by iterating simple rounds
We focus on the security of two-round Substitution-Permutation Networks (SPNs) using a single S-box, where the S-box is modeled as a secret random permutation
We propose an actual instantiation dubbed AES6-CTET+, which uses the block cipher AES-128 reduced to 6 rounds as the underlying S-box
Summary
Block ciphers are mainly built around a complex function or permutation on a small domain, which is extended to a keyed permutation on a larger domain by iterating simple rounds. This is usually achieved by relying on generic structures, which are often either Feistel networks or Substitution-Permutation Networks (SPNs). SPNs can be used to design a block cipher with message space {0, 1}^wn from a small number of n-bit permutations as follows:
– apply a keyed permutation layer to the whole wn-bit state;
– apply the n-bit permutations (the S-boxes) in parallel to the w n-bit chunks of the state, followed by a keyed permutation layer on the whole state, and repeat this for each round.
After the last round, apply a keyed permutation layer to the whole wn-bit state. In order to study the security of those algorithms, it is customary to prove the soundness of the high-level structure in a relevant security model.

Licensed under Creative Commons License CC-BY 4.0.
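The SPN skeleton above, written out as an added toy example (this is not code from the CTET+ paper or its authors): one secret S-box shared by all w chunks, an independent round key for every keyed layer, and two rounds. Everything not in the text is an assumption of the example: n = 8, so the secret S-box is a key-derived random permutation of bytes; the keyed layer is a linear prefix-XOR mix (CTET+'s middle layer is non-linear and carries the tweak; neither is reproduced here); and the key layout is a 16-byte S-box seed followed by three w-byte round keys. The `granularity_demo` function also encrypts a constructed 512-byte sector once as a single wide block and once as independent 16-byte blocks, to make concrete the granularity comparison the abstract draws with AES-XTS (XTS's per-block tweak is not modelled, only its per-block independence).

```python
"""Toy 2-round SPN over a w*n-bit block built from ONE secret S-box.

Added illustration of the structure described above (keyed permutation layer,
parallel S-box layer, repeat, final keyed layer). It is NOT CTET+: n = 8, the
keyed layers are linear, there is no tweak and no security claim.
"""
import hashlib
import random

N_BITS = 8          # S-box width n: one chunk is one byte
ROUNDS = 2
SBOX_KEY_LEN = 16   # bytes used to derive the secret S-box (assumed size)


def derive_sbox(sbox_key: bytes) -> tuple[list[int], list[int]]:
    """Secret S-box modelled as a random permutation of {0, ..., 2^n - 1}
    seeded from key material (the secret random permutation model)."""
    seed = int.from_bytes(hashlib.sha256(sbox_key).digest(), "big")
    sbox = list(range(1 << N_BITS))
    random.Random(seed).shuffle(sbox)
    inv = [0] * len(sbox)
    for x, y in enumerate(sbox):
        inv[y] = x
    return sbox, inv


def keyed_layer(state: list[int], round_key: bytes) -> list[int]:
    """Keyed permutation layer on the whole w*n-bit state: XOR the round key,
    then an invertible prefix-XOR mix, then reverse the chunk order so that
    successive layers spread differences in both directions."""
    out, acc = [], 0
    for x, k in zip(state, round_key):
        acc ^= x ^ k
        out.append(acc)
    return out[::-1]


def keyed_layer_inv(state: list[int], round_key: bytes) -> list[int]:
    """Exact inverse of keyed_layer."""
    y = state[::-1]
    out, prev = [], 0
    for yi, k in zip(y, round_key):
        out.append(yi ^ prev ^ k)
        prev = yi
    return out


def split_key(key: bytes, w: int) -> tuple[bytes, list[bytes]]:
    """Key = S-box seed || (ROUNDS + 1) independent w-byte round keys (assumed layout)."""
    expected = SBOX_KEY_LEN + (ROUNDS + 1) * w
    if len(key) != expected:
        raise ValueError(f"key must be {expected} bytes for w={w}")
    rks = [key[SBOX_KEY_LEN + i * w: SBOX_KEY_LEN + (i + 1) * w] for i in range(ROUNDS + 1)]
    return key[:SBOX_KEY_LEN], rks


def spn_encrypt(key: bytes, block: bytes) -> bytes:
    sbox_key, rks = split_key(key, len(block))
    sbox, _ = derive_sbox(sbox_key)
    state = keyed_layer(list(block), rks[0])      # initial keyed layer
    for r in range(ROUNDS):
        state = [sbox[b] for b in state]          # the same secret S-box on every chunk
        state = keyed_layer(state, rks[r + 1])    # keyed layer with its own round key
    return bytes(state)


def spn_decrypt(key: bytes, block: bytes) -> bytes:
    sbox_key, rks = split_key(key, len(block))
    _, inv = derive_sbox(sbox_key)
    state = list(block)
    for r in reversed(range(ROUNDS)):
        state = keyed_layer_inv(state, rks[r + 1])
        state = [inv[b] for b in state]
    return bytes(keyed_layer_inv(state, rks[0]))


def bytes_changed(a: bytes, b: bytes) -> int:
    return sum(x != y for x, y in zip(a, b))


def granularity_demo(sector_len: int = 512, narrow: int = 16) -> tuple[int, int]:
    """Encrypt a constructed sector once as a single wide block and once as
    independent narrow blocks, flip one plaintext byte, and count the
    ciphertext bytes that change. Returns (changed_wide, changed_narrow)."""
    rnd = random.Random(1)  # constructed sample keys and data, fixed seed
    wide_key = bytes(rnd.randrange(256) for _ in range(SBOX_KEY_LEN + (ROUNDS + 1) * sector_len))
    narrow_key = bytes(rnd.randrange(256) for _ in range(SBOX_KEY_LEN + (ROUNDS + 1) * narrow))
    sector = bytes(rnd.randrange(256) for _ in range(sector_len))
    modified = bytearray(sector)
    modified[100] ^= 0x01                         # one-bit plaintext change
    modified = bytes(modified)

    changed_wide = bytes_changed(spn_encrypt(wide_key, sector), spn_encrypt(wide_key, modified))

    def narrow_mode(data: bytes) -> bytes:        # every narrow block encrypted independently
        return b"".join(spn_encrypt(narrow_key, data[i:i + narrow]) for i in range(0, len(data), narrow))

    changed_narrow = bytes_changed(narrow_mode(sector), narrow_mode(modified))
    return changed_wide, changed_narrow


if __name__ == "__main__":
    wide, nar = granularity_demo()
    print(f"wide block: {wide} of 512 ciphertext bytes changed; per-16-byte blocks: {nar}")
```

In the per-block mode the change stays confined to the one 16-byte block that contains the flipped byte, so an attacker comparing two snapshots of the disk learns exactly which 16 bytes were edited; with the whole sector as one block, the edit spreads over essentially the entire 512 bytes.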