Nothing Special   »   [go: up one dir, main page]

What a lovely hat

Is it made out of tin foil?

Paper 2024/294

Multiplex: TBC-based Authenticated Encryption with Sponge-Like Rate

Thomas Peters, UCLouvain
Yaobin Shen, Xiamen University
François-Xavier Standaert, UCLouvain
Abstract

Authenticated Encryption (AE) modes of operation based on Tweakable Block Ciphers (TBC) usually measure efficiency in the number of calls to the underlying primitive per message block. On the one hand, many existing solutions reach a primitive-rate of 1, meaning that each n-bit block of message asymptotically needs a single call to the TBC with output length n. On the other hand, while these modes look optimal in a blackbox setting, they become less attractive when leakage comes into play, since all these calls must then be equally well protected to maintain security. Leakage-resistant modes improve this situation, by generating ephemeral keys every constant number of calls. However, rekeying is inherently suboptimal in primitive-rate, since a TBC call can only be used either to refresh a key or to encrypt a block. Even worse, existing solutions achieving almost n bits of security for n-bit secret keys have at most a primitive-rate 2/3. Hence the question: Can we design a highly-secure TBC-based rekeying mode with ``nearly optimal'' primitive-rate? We answer this question positively with Multiplex, a new mode that has primitive-rate d/(d+1) given a TBC with a dn-bit tweak. Multiplex achieves $n-\log_2(dn)$ bits of security for both (i) misuse-resilience CCA security in the blackbox setting and (ii) Ciphertext Integrity with Misuse-resistant and unbounded Leakage in encryption and decryption (CIML2). It also provides (iii) confidentiality with leakage up to the birthday bound. Furthermore, Multiplex can run d+1 calls in parallel in each iteration. The combination of these features gives a mode of operation that inherits most of the good implementation features and flexibility of a Duplex sponge -- therefore paving the way towards sound comparisons between TBC-based and permutation-based AE.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Preprint.
Keywords
Leakage-ResistanceAuthenticated EncryptionTweakable Block Cipher
Contact author(s)
thomas peters @ uclouvain be
yaobin shen @ xmu edu cn
fstandae @ uclouvain be
History
2024-02-23: approved
2024-02-21: received
See all versions
Short URL
https://ia.cr/2024/294
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2024/294,
      author = {Thomas Peters and Yaobin Shen and François-Xavier Standaert},
      title = {Multiplex: {TBC}-based Authenticated Encryption with Sponge-Like Rate},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/294},
      year = {2024},
      url = {https://eprint.iacr.org/2024/294}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.