Counter-in-Tweak: Authenticated Encryption Modes for Tweakable Block Ciphers


Ontology type: schema:Chapter
Open Access: True


Chapter Info

DATE

2016-07-21

AUTHORS

Thomas Peyrin , Yannick Seurin

ABSTRACT

We propose the Synthetic Counter-in-Tweak (SCT) mode, which turns a tweakable block cipher into a nonce-based authenticated encryption scheme (with associated data). The SCT mode combines in a SIV-like manner a Wegman-Carter MAC inspired from PMAC for the authentication part and a new counter-like mode for the encryption part, with the unusual property that the counter is applied on the tweak input of the underlying tweakable block cipher rather than on the plaintext input.
Unlike many previous authenticated encryption modes, SCT enjoys provable security beyond the birthday bound (and even up to roughly 2^n tweakable block cipher calls, where n is the block length, when the tweak length is sufficiently large) in the nonce-respecting scenario where nonces are never repeated. In addition, SCT ensures security up to the birthday bound even when nonces are reused, in the strong nonce-misuse resistance sense (MRAE) of Rogaway and Shrimpton (EUROCRYPT 2006). To the best of our knowledge, this is the first authenticated encryption mode that provides at the same time close-to-optimal security in the nonce-respecting scenario and birthday-bound security for the nonce-misuse scenario. While two passes are necessary to achieve MRAE-security, our mode enjoys a number of desirable features: it is simple, parallelizable, it requires the encryption direction only, it is particularly efficient for small messages compared to other nonce-misuse resistant schemes (no precomputation is required), and it allows incremental update of associated data.

PAGES

33-63

Book

TITLE

Advances in Cryptology – CRYPTO 2016

ISBN

978-3-662-53017-7
978-3-662-53018-4

Identifiers

URI

http://scigraph.springernature.com/pub.10.1007/978-3-662-53018-4_2

DOI

http://dx.doi.org/10.1007/978-3-662-53018-4_2

DIMENSIONS

https://app.dimensions.ai/details/publication/pub.1014940773



JSON-LD is the canonical representation for SciGraph data.


[
  {
    "@context": "https://springernature.github.io/scigraph/jsonld/sgcontext.json", 
    "about": [
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/08", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Information and Computing Sciences", 
        "type": "DefinedTerm"
      }, 
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/0804", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Data Format", 
        "type": "DefinedTerm"
      }
    ], 
    "author": [
      {
        "affiliation": {
          "alternateName": "SPMS, NTU, Singapore, Singapore", 
          "id": "http://www.grid.ac/institutes/grid.59025.3b", 
          "name": [
            "SPMS, NTU, Singapore, Singapore"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Peyrin", 
        "givenName": "Thomas", 
        "id": "sg:person.011167161615.31", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.011167161615.31"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "ANSSI, Paris, France", 
          "id": "http://www.grid.ac/institutes/None", 
          "name": [
            "ANSSI, Paris, France"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Seurin", 
        "givenName": "Yannick", 
        "id": "sg:person.011724731171.01", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.011724731171.01"
        ], 
        "type": "Person"
      }
    ], 
    "datePublished": "2016-07-21", 
    "datePublishedReg": "2016-07-21", 
    "description": "We propose the Synthetic Counter-in-Tweak (SCT) mode, which turns a tweakable block cipher into a nonce-based authenticated encryption scheme (with associated data). The SCT mode combines in a SIV-like manner a Wegman-Carter MAC inspired from PMAC for the authentication part and a new counter-like mode for the encryption part, with the unusual property that the counter is applied on the tweak input of the underlying tweakable block cipher rather than on the plaintext input. Unlike many previous authenticated encryption modes, SCT enjoys provable security beyond the birthday bound (and even up to roughly 2^n tweakable block cipher calls, where n is the block length, when the tweak length is sufficiently large) in the nonce-respecting scenario where nonces are never repeated. In addition, SCT ensures security up to the birthday bound even when nonces are reused, in the strong nonce-misuse resistance sense (MRAE) of Rogaway and Shrimpton (EUROCRYPT 2006). To the best of our knowledge, this is the first authenticated encryption mode that provides at the same time close-to-optimal security in the nonce-respecting scenario and birthday-bound security for the nonce-misuse scenario. While two passes are necessary to achieve MRAE-security, our mode enjoys a number of desirable features: it is simple, parallelizable, it requires the encryption direction only, it is particularly efficient for small messages compared to other nonce-misuse resistant schemes (no precomputation is required) and it allows incremental update of associated data.", 
    "editor": [
      {
        "familyName": "Robshaw", 
        "givenName": "Matthew", 
        "type": "Person"
      }, 
      {
        "familyName": "Katz", 
        "givenName": "Jonathan", 
        "type": "Person"
      }
    ], 
    "genre": "chapter", 
    "id": "sg:pub.10.1007/978-3-662-53018-4_2", 
    "isAccessibleForFree": true, 
    "isPartOf": {
      "isbn": [
        "978-3-662-53017-7", 
        "978-3-662-53018-4"
      ], 
      "name": "Advances in Cryptology \u2013 CRYPTO 2016", 
      "type": "Book"
    }, 
    "keywords": [
      "tweakable block cipher", 
      "encryption mode", 
      "nonce-respecting scenario", 
      "block cipher", 
      "birthday-bound security", 
      "Authenticated Encryption Mode", 
      "encryption scheme", 
      "authentication part", 
      "incremental updates", 
      "encryption part", 
      "provable security", 
      "small messages", 
      "resistant scheme", 
      "optimal security", 
      "plaintext inputs", 
      "security", 
      "cipher", 
      "tweak input", 
      "nonce", 
      "desirable features", 
      "scenarios", 
      "scheme", 
      "nonce-misuse scenario", 
      "Rogaway", 
      "same time", 
      "input", 
      "messages", 
      "MAC", 
      "Shrimpton", 
      "update", 
      "features", 
      "counter", 
      "TWEAK", 
      "knowledge", 
      "part", 
      "data", 
      "manner", 
      "number", 
      "time", 
      "mode", 
      "sense", 
      "direction", 
      "passes", 
      "addition", 
      "properties", 
      "birthday", 
      "unusual properties"
    ], 
    "name": "Counter-in-Tweak: Authenticated Encryption Modes for Tweakable Block Ciphers", 
    "pagination": "33-63", 
    "productId": [
      {
        "name": "dimensions_id", 
        "type": "PropertyValue", 
        "value": [
          "pub.1014940773"
        ]
      }, 
      {
        "name": "doi", 
        "type": "PropertyValue", 
        "value": [
          "10.1007/978-3-662-53018-4_2"
        ]
      }
    ], 
    "publisher": {
      "name": "Springer Nature", 
      "type": "Organisation"
    }, 
    "sameAs": [
      "https://doi.org/10.1007/978-3-662-53018-4_2", 
      "https://app.dimensions.ai/details/publication/pub.1014940773"
    ], 
    "sdDataset": "chapters", 
    "sdDatePublished": "2022-12-01T06:48", 
    "sdLicense": "https://scigraph.springernature.com/explorer/license/", 
    "sdPublisher": {
      "name": "Springer Nature - SN SciGraph project", 
      "type": "Organization"
    }, 
    "sdSource": "s3://com-springernature-scigraph/baseset/20221201/entities/gbq_results/chapter/chapter_211.jsonl", 
    "type": "Chapter", 
    "url": "https://doi.org/10.1007/978-3-662-53018-4_2"
  }
]
 


HOW TO GET THIS DATA PROGRAMMATICALLY:

JSON-LD is a popular format for linked data which is fully compatible with JSON.

curl -H 'Accept: application/ld+json' 'https://scigraph.springernature.com/pub.10.1007/978-3-662-53018-4_2'

N-Triples is a line-based linked data format ideal for batch operations.

curl -H 'Accept: application/n-triples' 'https://scigraph.springernature.com/pub.10.1007/978-3-662-53018-4_2'

Turtle is a human-readable linked data format.

curl -H 'Accept: text/turtle' 'https://scigraph.springernature.com/pub.10.1007/978-3-662-53018-4_2'

RDF/XML is a standard XML format for linked data.

curl -H 'Accept: application/rdf+xml' 'https://scigraph.springernature.com/pub.10.1007/978-3-662-53018-4_2'


 
