
CRYPTO 2012, Springer

Tweakable Blockciphers with Beyond Birthday-Bound Security

Liskov, Rivest and Wagner formalized the tweakable blockcipher (TBC) primitive at CRYPTO’02. The typical recipe for instantiating a TBC is to start with a blockcipher, and then build up a construction that admits a tweak. Almost all such constructions enjoy provable security only to the birthday bound, and the one that does achieve security beyond the birthday bound (due to Minematsu) severely restricts the tweak size and requires per-invocation blockcipher rekeying. This paper gives the first TBC construction that simultaneously allows for arbitrarily “wide” tweaks, does not rekey, and delivers provable security beyond the birthday bound. Our construction is built from a blockcipher and an -AXU2 hash function. As an application of the TBC primitive, LRW suggest the TBC-MAC construction (similar to CBC-MAC but chaining through the tweak), but leave open the question of its security. We close this question, both for TBC-MAC as a PRF and a MAC. Along the way, we find a nonce-base...
Added: 28 Sep 2012
Updated: 28 Sep 2012
Type: Journal
Year: 2012
Where: CRYPTO
Authors: Will Landecker, Thomas Shrimpton, R. Seth Terashima