Abstract

Online ciphers, in spite of being insecure against an sprp adversary, can be desirable at places because of their ease of implementation and speed. Here we propose a single-keyed inverse-free construction that achieves online sprp security with an optimal number of blockcipher calls. We also include a partial block construction, without requiring any extra key.

Highlights

  • F is called a diblock-online strong pseudorandom permutation if it is strong pseudorandom in the class of all diblock-online permutations. (Note that the class of such permutations is infinite, making uniform sampling meaningless, so we assume the length of the inputs does not exceed 2nl, i.e., the number of diblocks cannot exceed some fixed cap l.) In such cases, we shall call the encryption scheme E dosprp-secure.

  • When there is more than one diblock, the last one may be partial. (An incomplete diblock may consist of one complete block and one partial block, only one complete block, or only one partial block.) Each plaintext diblock is processed using four Feistel rounds and one tweak that is obtained from processing the previous diblocks.

  • Since we’re attempting an inverse-free construction, and there’s no known inverse-free mode to encrypt a single block, we settle for a diblock-online cipher instead.


Summary

Introduction

Real-time applications of enciphering schemes often find it convenient to use a low buffer size and process the data in one pass, or what we call online. Bellare et al. [BBKN12] introduced the notion of online prp, the highest possible randomness in online ciphers. Another important aspect of designing blockcipher-based encryption modes today is inverse-freeness: inverse-free encryption modes are designs that rely solely on the encryption circuit of the blockcipher both while encrypting and decrypting, never needing to call its decryption circuit. These designs have numerous advantages, like requiring just a prf-secure blockcipher and a low footprint in a combined implementation. Luby and Rackoff gave a security proof of Feistel ciphers [LR88], and later the design was generalised to obtain inverse-free enciphering of longer messages [Nyb96].
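The Python sketch below is an added illustration, not the paper's construction (which this page does not specify). It shows the two properties described above: a four-round Feistel over a diblock decrypts using only the forward function, and a tweak chained from earlier diblocks makes each ciphertext diblock depend only on the plaintext prefix. Assumptions: HMAC-SHA256 truncated to 16 bytes stands in for the blockcipher's encryption circuit, the tweak chaining and round labels are hypothetical, only complete diblocks are handled, and no security claim is made.

```python
import hashlib
import hmac

N = 16  # block size in bytes (assumed); a diblock is 2 * N bytes

def prf(key, label, data):
    # Forward-only primitive standing in for the blockcipher's encryption circuit.
    return hmac.new(key, label + data, hashlib.sha256).digest()[:N]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def feistel4(key, tweak, diblock, decrypt=False):
    # Four Feistel rounds over one diblock. Decryption replays the rounds in
    # reverse order and still calls only the forward prf.
    left, right = diblock[:N], diblock[N:]
    if decrypt:
        for i in (3, 2, 1, 0):
            left, right = xor(right, prf(key, bytes([i]) + tweak, left)), left
    else:
        for i in (0, 1, 2, 3):
            left, right = right, xor(left, prf(key, bytes([i]) + tweak, right))
    return left + right

def process(key, data, decrypt=False):
    # One pass, one diblock of state: the tweak for diblock i is chained from
    # the plaintext and ciphertext of diblocks 0..i-1 (hypothetical chaining).
    if len(data) % (2 * N):
        raise ValueError("this sketch handles complete diblocks only")
    tweak, out = bytes(N), bytearray()
    for off in range(0, len(data), 2 * N):
        src = data[off:off + 2 * N]
        dst = feistel4(key, tweak, src, decrypt)
        pt, ct = (dst, src) if decrypt else (src, dst)
        tweak = prf(key, b"T", tweak + pt + ct)
        out += dst
    return bytes(out)

if __name__ == "__main__":
    key = b"constructed-demo-key"           # constructed sample key
    m1 = b"A" * 32 + b"B" * 32 + b"C" * 32  # three constructed diblocks
    m2 = b"A" * 32 + b"B" * 32 + b"D" * 32  # same first two diblocks
    c1, c2 = process(key, m1), process(key, m2)
    print("shared ciphertext prefix:", c1[:64] == c2[:64])
    print("round trip:", process(key, c1, decrypt=True) == m1)
```

Because equal plaintext prefixes give equal ciphertext prefixes, an online cipher of this shape cannot be a full sprp, which is the trade-off the abstract refers to.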

Our Contributions
Basic Notions
Security Games
Diblock-Online Security
Patarin’s Technique
Construction Details
Design Rationale
Some Notation and Definitions
Oracle Behaviour and Bad Events
Security Results
Probability of badA
Probability of badB
Interpolation Probability of a Bad Transcript
Notation
B A Short Analysis for the Partial Block Construction
