Building blockcipher from small-block tweakable blockcipher

Published in: Designs, Codes and Cryptography

Abstract

How to build a secure blockcipher is one of the central problems in symmetric cryptography. While the popular approach, initiated by the seminal paper of Luby and Rackoff, is based on a pseudorandom function, Minematsu (in: Dunkelman (ed.) FSE, 2009) and Minematsu and Iwata (in: Chen (ed.) IMA, 2011) proposed different schemes that efficiently achieve better security. The point of these works is that they use a tweakable blockcipher (TBC) as the internal module rather than a pseudorandom function. This paper further extends the previous schemes and considers the case in which the target blockcipher has a much larger block size than the TBC we use. Assuming the tweak of the TBC is long, we propose a scheme similar to an unbalanced Feistel cipher that achieves stronger security than the previous schemes of Minematsu and Minematsu-Iwata. We also present a blockcipher-based instantiation of our scheme for encryption over some unusual domains, such as the decimal space, as a typical problem of format-preserving encryption.



Notes

  1. Patarin [4] proved that a relatively small number of Feistel rounds, 5 or 6, suffices to break the birthday bound in an asymptotic sense.

  2. As \(\mathtt a _{i}\) denotes \(A_{i}=1\), this equality means the equality of \(P^{{F}}_{Y_{i}A_{i}|X^{i}Y^{i-1}A_{i-1}}(y_{i},1,x^{i},y^{i-1},1)\) and \(P^{{G}}_{Y_{i}B_{i}|X^{i}Y^{i-1}B_{i-1}}(y_{i},1,x^{i},y^{i-1},1)\) for all \((x^{i},y^{i-1})\) such that both \(P^{{F}}_{A_{i-1}X^{i}Y^{i-1}}(1,x^{i},y^{i-1})\) and \(P^{{G}}_{B_{i-1}X^{i}Y^{i-1}}(1,x^{i},y^{i-1})\) are positive.

  3. Maurer’s method [19] is purely information-theoretic, and in some cases information-theoretic results obtained by Maurer’s method cannot be translated into their computational counterpart (see [5]). However, we do not encounter such difficulties in this paper. Also, a very recent paper [20] points out an error in a lemma of [19] regarding the treatment of adaptive strategies. However, we do not use this lemma, and thus our result does not suffer from the flaw pointed out by [20].

  4. Strictly speaking, there is a difference between \(\varphi ^{(3d)}\) and \(G_2^{-1}\circ \varphi ^{(d)}\circ G_1\) with respect to the existence of cyclic shifts between \(G_i\) and \(\varrho ^{(3d)}\); however, this makes no difference to the security proof.

  5. Following Bellare et al. [27], when \(\tau \approx q\) we can assume \( \mathtt{{Adv}}^{ \mathtt{{sprp}}}_{\text{ AES-256 }}(q,\tau ')\approx \tau '/ 2^{256}\) if AES-256 is computationally CCA-secure. This implies that \(q \mathtt{{Adv}}^{ \mathtt{{sprp}}}_{\text{ AES-256 }}(q,\tau ')\) is estimated as \(q^2/2^{256}\).

  6. In fact, [28] provided a bound that can handle any \(\epsilon \). See [28] for details.

  7. For example, we can combine the first 8 bits of \(v\) with the remaining 120 bits reduced modulo \(14175(=3^4\cdot 5^2\cdot 7)\) to specify an element of \(\mathcal{K}_{ks10}\).

  8. Note that this does not provide a comprehensive comparison with FFX. FFX has a number of parameters, including the imbalance between the input and output lengths of the internal PRF, the number of rounds, etc. In addition, the recommended configuration of FFX requires more than 4 rounds when the block size is small, which implies a better security bound.
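As an added example, not code from the paper, the following Python implements the split described in footnote 7: the first 8 bits of a 128-bit value \(v\) together with the remaining 120 bits reduced modulo 14175. Since \(2^8\cdot 14175 = 3628800 = 10!\), the example assumes (this page does not define \(\mathcal{K}_{ks10}\)) that the selected element is a permutation of the ten decimal digits, and the unranking step and the bias bound on the modular reduction are this example's own additions.

```python
# Added example (not from the paper): key selection as in footnote 7.
# A 128-bit value v is split into its first 8 bits and its remaining
# 120 bits reduced modulo 14175 = 3^4 * 5^2 * 7.
# Assumption (not stated on this page): K_ks10 is indexed by
# 2^8 * 14175 = 3628800 = 10! values, i.e. permutations of the ten
# decimal digits, so the combined index is unranked into one permutation.
from math import factorial

MOD = 14175                 # 3^4 * 5^2 * 7
MASK120 = (1 << 120) - 1    # selects the low 120 bits of a 128-bit value


def split_key_block(v: int) -> tuple:
    """Return (first 8 bits of v, remaining 120 bits mod 14175)."""
    if not 0 <= v < (1 << 128):
        raise ValueError("v must be a 128-bit value")
    return v >> 120, (v & MASK120) % MOD


def key_index(v: int) -> int:
    """Combine the two parts into one index in [0, 2^8 * 14175) = [0, 10!)."""
    hi, lo = split_key_block(v)
    return hi * MOD + lo


def unrank_permutation(index: int, n: int = 10) -> list:
    """Map an index in [0, n!) to a permutation of range(n) (Lehmer-code unranking)."""
    if not 0 <= index < factorial(n):
        raise ValueError("index out of range")
    remaining = list(range(n))
    perm = []
    for k in range(n, 0, -1):
        pos, index = divmod(index, factorial(k - 1))
        perm.append(remaining.pop(pos))
    return perm


def key_to_permutation(v: int) -> list:
    """Assumed interpretation: a 128-bit v selects one permutation of the digits 0..9."""
    return unrank_permutation(key_index(v))


def reduction_bias_bound() -> float:
    """Statistical distance of (uniform 120-bit value mod 14175) from uniform.

    At most MOD / 2^120: some residues are hit one more time than others,
    so the bias introduced by the modular reduction is negligible.
    """
    return MOD / 2 ** 120
```

Because the product of the two ranges equals \(10!\) exactly, no rejection sampling is needed to reach every permutation.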

References

  1. Shannon C.: Communication theory of secrecy systems. Bell Syst. Tech. J. 28, 656–715 (1949).

  2. Luby M., Rackoff C.: How to construct pseudorandom permutations from pseudorandom functions. SIAM J. Comput. 17(2), 373–386 (1988).

  3. Goldreich O.: Modern Cryptography, Probabilistic Proofs, and Pseudorandomness. Springer, New York (1998).

  4. Patarin J.: Security of random Feistel schemes with 5 or more rounds. In: Franklin M.K. (ed.) CRYPTO. Lecture Notes in Computer Science, vol. 3152, pp. 106–122. Springer, Heidelberg (2004).

  5. Maurer U.M., Pietrzak K.: The security of many-round Luby–Rackoff pseudo-random permutations. In: Biham E. (ed.) EUROCRYPT. Lecture Notes in Computer Science, vol. 2656, pp. 544–561. Springer, Heidelberg (2003).

  6. Morris B., Rogaway P., Stegers T.: How to encipher messages on a small domain. In: Halevi S. (ed.) CRYPTO. Lecture Notes in Computer Science, vol. 5677, pp. 286–302. Springer, Berlin, Heidelberg (2009).

  7. Naor M., Reingold O.: On the construction of pseudorandom permutations: Luby–Rackoff revisited. J. Cryptol. 12(1), 29–66 (1999).

  8. Minematsu K.: Beyond-birthday-bound security based on tweakable block cipher. In: Dunkelman O. (ed.) FSE. Lecture Notes in Computer Science, vol. 5665, pp. 308–326. Springer, Berlin, Heidelberg (2009).

  9. Liskov M., Rivest R.L., Wagner D.: Tweakable block ciphers. In: Yung M. (ed.) CRYPTO. Lecture Notes in Computer Science, vol. 2442, pp. 31–46. Springer, Berlin (2002).

  10. Skein Hash Function. SHA-3 Submission, http://www.skein-hash.info/ (2008). Accessed 25 Sept 2013.

  11. Rogaway P.: Efficient instantiations of tweakable blockciphers and refinements to modes OCB and PMAC. In: Lee P.J. (ed.) ASIACRYPT. Lecture Notes in Computer Science, vol. 3329, pp. 16–31. Springer, Heidelberg (2004).

  12. Rogaway P., Zhang H.: Online ciphers from tweakable blockciphers. In: Kiayias A. (ed.) CT-RSA. Lecture Notes in Computer Science, vol. 6558, pp. 237–249. Springer, Berlin (2011).

  13. Coron J.S., Dodis Y., Mandal A., Seurin Y.: A domain extender for the ideal cipher. In: Micciancio D. (ed.) TCC. Lecture Notes in Computer Science, vol. 5978, pp. 273–289. Springer, Heidelberg (2010).

  14. Minematsu K., Iwata T.: Building blockcipher from tweakable blockcipher: extending FSE 2009 proposal. In: Chen L. (ed.) IMA International Conference. Lecture Notes in Computer Science, vol. 7089, pp. 391–412. Springer, Berlin (2011).

  15. Schneier B., Kelsey J.: Unbalanced Feistel networks and block cipher design. In: Gollmann D. (ed.) FSE. Lecture Notes in Computer Science, vol. 1039, pp. 121–144. Springer, Heidelberg (1996).

  16. Halevi S., Rogaway P.: A tweakable enciphering mode. In: Boneh D. (ed.) CRYPTO. Lecture Notes in Computer Science, vol. 2729, pp. 482–499. Springer, Heidelberg (2003).

  17. Bellare M., Ristenpart T., Rogaway P., Stegers T.: Format-preserving encryption. In: Jacobson Jr M.J., Rijmen V., Safavi-Naini R. (eds.) Selected Areas in Cryptography. Lecture Notes in Computer Science, vol. 5867, pp. 295–312. Springer, Berlin, Heidelberg (2009).

  18. Visa Best Practices for Tokenization Version 1.0, http://usa.visa.com/download/merchants/tokenization_best_practices.pdf. Accessed 25 Sept 2013.

  19. Maurer U.M.: Indistinguishability of random systems. In: Knudsen L.R. (ed.) EUROCRYPT. Lecture Notes in Computer Science, vol. 2332, pp. 110–132. Springer, Berlin (2002).

  20. Jetchev D., Özen O., Stam M.: Understanding adaptivity: random systems revisited. In: Wang X., Sako K. (eds.) ASIACRYPT. Lecture Notes in Computer Science, vol. 7658, pp. 313–330. Springer, Berlin, Heidelberg (2012).

  21. Bellare M., Rogaway P., Spies T.: The FFX mode of operation for format-preserving encryption, http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/ffx/ffx-spec.pdf/ (2010). Accessed 25 Sept 2013.

  22. Bellare M., Desai A., Jokipii E., Rogaway P.: A concrete security treatment of symmetric encryption. In: FOCS, pp. 394–403. IEEE Computer Society, Los Alamitos (1997).

  23. Schroeppel R.: Hasty pudding cipher. AES Submission, http://www.cs.arizona.edu/rcs/hpc/ (1998). Accessed 25 Sept 2013.

  24. Crowley P.: Mercy: a fast large block cipher for disk sector encryption. In: Schneier B. (ed.) FSE. Lecture Notes in Computer Science, vol. 1978, pp. 49–63. Springer, New York (2000).

  25. Fluhrer S.R.: Cryptanalysis of the Mercy block cipher. In: Matsui M. (ed.) FSE. Lecture Notes in Computer Science, vol. 2355, pp. 28–36. Springer, Berlin, Heidelberg (2001).

  26. Minematsu K.: Improved security analysis of XEX and LRW modes. In: Biham E., Youssef A.M. (eds.) Selected Areas in Cryptography. Lecture Notes in Computer Science, vol. 4356, pp. 96–113. Springer, Berlin (2006).

  27. Bellare M., Krovetz T., Rogaway P.: Luby–Rackoff backwards: increasing security by making block ciphers non-invertible. In: Nyberg K. (ed.) EUROCRYPT. Lecture Notes in Computer Science, vol. 1403, pp. 266–280. Springer, Heidelberg (1998).

  28. Landecker W., Shrimpton T., Terashima R.S.: Tweakable blockciphers with beyond birthday-bound security. In: Safavi-Naini R., Canetti R. (eds.) CRYPTO. Lecture Notes in Computer Science, vol. 7417, pp. 14–30. Springer, Berlin, Heidelberg (2012).

  29. Lampe R., Seurin Y.: Tweakable blockciphers with asymptotically optimal security. In: Pre-proceedings of Fast Software Encryption (2013).

  30. Gladman B.: http://www.gladman.me.uk/. Accessed 25 Sept 2013.

  31. Brier E., Peyrin T., Stern J.: BPS: a format-preserving encryption proposal, http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/bps/bps-spec.pdf/ (2010). Accessed 25 Sept 2013.

  32. Fisher-Yates Shuffle. Wikipedia Entry, http://en.wikipedia.org/wiki/Fisher-Yates_shuffle/. Accessed 25 Sept 2013.

  33. Vance J.: VAES3 scheme for FFX: An addendum to “The FFX Mode of Operation for Format-Preserving Encryption”. NIST CSRC, http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/ffx/ffx-ad-VAES3.pdf/ (2011). Accessed 25 Sept 2013.

  34. Granboulan L., Pornin T.: Perfect block ciphers with small blocks. In: Biryukov A. (ed.) FSE. Lecture Notes in Computer Science, vol. 4593, pp. 452–465. Springer, Heidelberg (2007).


Correspondence to Kazuhiko Minematsu.


Communicated by L. R. Knudsen.


Cite this article

Minematsu, K. Building blockcipher from small-block tweakable blockcipher. Des. Codes Cryptogr. 74, 645–663 (2015). https://doi.org/10.1007/s10623-013-9882-8
