Abstract
How to build a secure blockcipher is one of the central problems in symmetric cryptography. While the popular approach, initiated by the seminal paper of Luby and Rackoff, is based on a pseudorandom function, Minematsu (in: Dunkelman (ed.) FSE, 2009) and Minematsu and Iwata (in: Chen (ed.) IMA, 2011) proposed different schemes that efficiently achieve better security. The point of these works is that they use a tweakable blockcipher (TBC) as the internal module rather than a pseudorandom function. This paper further extends the previous schemes and considers the case where the target blockcipher has a much larger block size than that of the TBC we use. Assuming the tweak of the TBC is long, we propose a scheme similar to an unbalanced Feistel cipher that achieves stronger security than the previous schemes of Minematsu and Minematsu-Iwata. We also present a blockcipher-based instantiation of our scheme for encryption over some unusual domains, such as decimal space, as a typical problem of format-preserving encryption.
Notes
Patarin [4] proved that a relatively small number of Feistel rounds, 5 or 6, suffices to break the birthday bound in an asymptotic sense.
As \(\mathtt a _{i}\) denotes \(A_{i}=1\), this equality means the equality of \(P^{{F}}_{Y_{i}A_{i}|X^{i}Y^{i-1}A_{i-1}}(y_{i},1,x^{i},y^{i-1},1)\) and \(P^{{G}}_{Y_{i}B_{i}|X^{i}Y^{i-1}B_{i-1}}(y_{i},1,x^{i},y^{i-1},1)\) for all \((x^{i},y^{i-1})\) such that both \(P^{{F}}_{A_{i-1}X^{i}Y^{i-1}}(1,x^{i},y^{i-1})\) and \(P^{{G}}_{B_{i-1}X^{i}Y^{i-1}}(1,x^{i},y^{i-1})\) are positive.
Maurer’s method [19] is purely information-theoretic, and in some cases information-theoretic results obtained by Maurer’s method cannot be translated into their computational counterparts (see [5]). However, we do not encounter such difficulties in this paper. Also, a recent paper [20] points out an error in a lemma presented by [19] regarding the treatment of adaptive strategies. We do not use this lemma, and thus our result does not suffer from the flaw pointed out by [20].
Strictly speaking, \(\varphi ^{(3d)}\) and \(G_2^{-1}\circ \varphi ^{(d)}\circ G_1\) differ in the presence of cyclic shifts between \(G_i\) and \(\varrho ^{(3d)}\); however, this makes no difference to the security proof.
Following Bellare et al. [27], when \(\tau \approx q\) we can assume \( \mathtt{{Adv}}^{ \mathtt{{sprp}}}_{\text{ AES-256 }}(q,\tau ')\approx \tau '/ 2^{256}\) if AES-256 is computationally CCA-secure. This implies that \(q \mathtt{{Adv}}^{ \mathtt{{sprp}}}_{\text{ AES-256 }}(q,\tau ')\) is estimated as \(q^2/2^{256}\).
For example, we can combine the first 8 bits of \(v\) with the remaining 120 bits reduced modulo \(14175(=3^4\cdot 5^2\cdot 7)\) to specify an element of \(\mathcal{K}_{ks10}\).
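The following Python snippet is an added illustration of the mapping described in this note; it is not code from the paper. It splits a 128-bit value \(v\) into its first 8 bits and the remaining 120 bits reduced modulo 14175, and it adds the check a practitioner would want before trusting such a reduction: the exact statistical distance between a uniform 120-bit value reduced modulo 14175 and a uniform element of \(\mathbb{Z}_{14175}\). How the resulting pair is interpreted as an element of \(\mathcal{K}_{ks10}\) is left to the paper's instantiation and is not modelled here; the function names are the example's own.

```python
from fractions import Fraction
from typing import Tuple

# Modulus used in the note: 14175 = 3^4 * 5^2 * 7.
M = 14175


def map_to_ks10(v: bytes) -> Tuple[int, int]:
    """Split a 128-bit value into (first 8 bits, remaining 120 bits mod 14175).

    This mirrors the combination described in the note. Turning the pair into
    an element of K_ks10 is the paper's instantiation, not modelled here
    (assumption of this example).
    """
    if len(v) != 16:
        raise ValueError("v must be a 128-bit (16-byte) value")
    head = v[0]                            # first 8 bits
    tail = int.from_bytes(v[1:], "big")    # remaining 120 bits
    return head, tail % M


def mod_reduction_bias(n_bits: int, m: int) -> Fraction:
    """Exact statistical distance between (U mod m) and uniform on Z_m,
    where U is uniform on [0, 2^n_bits).

    With r = 2^n mod m, the r smallest residues each receive one extra
    preimage, so the distance is r*(m - r) / (m * 2^n) <= m / 2^(n+2).
    """
    total = 1 << n_bits
    r = total % m
    return Fraction(r * (m - r), m * total)


def brute_force_bias(n_bits: int, m: int) -> Fraction:
    """Same quantity computed by enumeration; only feasible for small n_bits.
    Used to cross-check the closed form above."""
    total = 1 << n_bits
    counts = [0] * m
    for u in range(total):
        counts[u % m] += 1
    return sum(abs(Fraction(c, total) - Fraction(1, m)) for c in counts) / 2


if __name__ == "__main__":
    # Constructed sample input: first byte 0x01, last byte 0x05.
    sample = b"\x01" + b"\x00" * 14 + b"\x05"
    print(map_to_ks10(sample))
    bias = mod_reduction_bias(120, M)
    print("bias <= 14175 / 2^122:", bias <= Fraction(M, 1 << 122))
    print("closed form matches enumeration:",
          mod_reduction_bias(12, 35) == brute_force_bias(12, 35))
```

The bound \(m/2^{n+2}\) is what justifies reducing a 120-bit value modulo 14175 in the first place: the bias is below \(2^{-108}\), far under the \(q^2/2^{256}\) term of the preceding note, so the reduction does not weaken the stated security.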
Note that this does not provide a comprehensive comparison with FFX. FFX has a number of parameters, including the imbalance between the input and output lengths of the internal PRF, the number of rounds, etc. In addition, the recommended configuration of FFX requires more than 4 rounds when the block size is small, implying a better security bound.
References
Shannon C.: Communication theory of secrecy systems. Bell Syst. Tech. J. 28, 656–715 (1949).
Luby M., Rackoff C.: How to construct pseudorandom permutations from pseudorandom functions. SIAM J. Comput. 17(2), 373–386 (1988).
Goldreich O.: Modern Cryptography, Probabilistic Proofs, and Pseudorandomness. Springer, New York (1998).
Patarin J.: Security of random Feistel schemes with 5 or more rounds. In: Franklin M.K. (ed.) CRYPTO. Lecture Notes in Computer Science, vol. 3152, pp. 106–122. Springer, Heidelberg (2004).
Maurer U.M., Pietrzak K.: The security of many-round Luby–Rackoff pseudo-random permutations. In: Biham E. (ed.) EUROCRYPT. Lecture Notes in Computer Science, vol. 2656, pp. 544–561. Springer, Heidelberg (2003).
Morris B., Rogaway P., Stegers T.: How to encipher messages on a small domain. In: Halevi S. (ed.) CRYPTO. Lecture Notes in Computer Science, vol. 5677, pp. 286–302. Springer, Berlin, Heidelberg (2009).
Naor M., Reingold O.: On the construction of pseudorandom permutations: Luby–Rackoff revisited. J. Cryptol. 12(1), 29–66 (1999).
Minematsu K.: Beyond-birthday-bound security based on tweakable block cipher. In: Dunkelman O. (ed.) FSE. Lecture Notes in Computer Science, vol. 5665, pp. 308–326. Springer, Berlin, Heidelberg (2009).
Liskov M., Rivest R.L., Wagner D.: Tweakable block ciphers. In: Yung M. (ed.) CRYPTO. Lecture Notes in Computer Science, vol. 2442, pp. 31–46. Springer, Berlin (2002).
Skein Hash Function. SHA-3 Submission, http://www.skein-hash.info/ (2008). Accessed 25 Sept 2013.
Rogaway P.: Efficient instantiations of tweakable blockciphers and refinements to modes OCB and PMAC. In: Lee P.J. (ed.) ASIACRYPT. Lecture Notes in Computer Science, vol. 3329, pp. 16–31. Springer, Heidelberg (2004).
Rogaway P., Zhang H.: Online ciphers from tweakable blockciphers. In: Kiayias A. (ed.) CT-RSA. Lecture Notes in Computer Science, vol. 6558, pp. 237–249. Springer, Berlin (2011).
Coron J.S., Dodis Y., Mandal A., Seurin Y.: A domain extender for the ideal cipher. In: Micciancio D. (ed.) TCC. Lecture Notes in Computer Science, vol. 5978, pp. 273–289. Springer, Heidelberg (2010).
Minematsu K., Iwata T.: Building blockcipher from tweakable blockcipher: extending FSE 2009 proposal. In: Chen L. (ed.) IMA International Conference. Lecture Notes in Computer Science, vol. 7089, pp. 391–412. Springer, Berlin (2011).
Schneier B., Kelsey J.: Unbalanced Feistel networks and block cipher design. In: Gollmann D. (ed.) FSE. Lecture Notes in Computer Science, vol. 1039, pp. 121–144. Springer, Heidelberg (1996).
Halevi S., Rogaway P.: A tweakable enciphering mode. In: Boneh D. (ed.) CRYPTO. Lecture Notes in Computer Science, vol. 2729, pp. 482–499. Springer, Heidelberg (2003).
Bellare M., Ristenpart T., Rogaway P., Stegers T.: Format-preserving encryption. In: Jacobson Jr M.J., Rijmen V., Safavi-Naini R. (eds.) Selected Areas in Cryptography. Lecture Notes in Computer Science, vol. 5867, pp. 295–312. Springer, Berlin, Heidelberg (2009).
Visa Best Practices for Tokenization Version 1.0, http://usa.visa.com/download/merchants/tokenization_best_practices.pdf. Accessed 25 Sept 2013.
Maurer U.M.: Indistinguishability of random systems. In: Knudsen L.R. (ed.) EUROCRYPT. Lecture Notes in Computer Science, vol. 2332, pp. 110–132. Springer, Berlin (2002).
Jetchev D., Özen O., Stam M.: Understanding adaptivity: random systems revisited. In: Wang X., Sako K. (eds.) ASIACRYPT. Lecture Notes in Computer Science, vol. 7658, pp. 313–330. Springer, Berlin, Heidelberg (2012).
Bellare M., Rogaway P., Spies T.: The FFX mode of operation for format-preserving encryption, http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/ffx/ffx-spec.pdf/ (2010). Accessed 25 Sept 2013.
Bellare M., Desai A., Jokipii E., Rogaway P.: A concrete security treatment of symmetric encryption. In: FOCS, pp. 394–403. IEEE Computer Society, Los Alamitos (1997).
Schroeppel R.: Hasty pudding cipher. AES Submission, http://www.cs.arizona.edu/rcs/hpc/ (1998). Accessed 25 Sept 2013.
Crowley P.: Mercy: a fast large block cipher for disk sector encryption. In: Schneier B. (ed.) FSE. Lecture Notes in Computer Science, vol. 1978, pp. 49–63. Springer, New York (2000).
Fluhrer S.R.: Cryptanalysis of the Mercy block cipher. In: Matsui M. (ed.) FSE. Lecture Notes in Computer Science, vol. 2355, pp. 28–36. Springer, Berlin, Heidelberg (2001).
Minematsu K.: Improved security analysis of XEX and LRW modes. In: Biham E., Youssef A.M. (eds.) Selected Areas in Cryptography. Lecture Notes in Computer Science, vol. 4356, pp. 96–113. Springer, Berlin (2006).
Bellare M., Krovetz T., Rogaway P.: Luby–Rackoff backwards: increasing security by making block ciphers non-invertible. In: Nyberg K. (ed.) EUROCRYPT. Lecture Notes in Computer Science, vol. 1403, pp. 266–280. Springer, Heidelberg (1998).
Landecker W., Shrimpton T., Terashima R.S.: Tweakable blockciphers with beyond birthday-bound security. In: Safavi-Naini R., Canetti R. (eds.) CRYPTO. Lecture Notes in Computer Science, vol. 7417, pp. 14–30. Springer, Berlin, Heidelberg (2012).
Lampe R., Seurin Y.: Tweakable blockciphers with asymptotically optimal security. In: Pre-proceedings of Fast Software Encryption (2013).
Gladman B.: http://www.gladman.me.uk/. Accessed 25 Sept 2013.
Brier E., Peyrin T., Stern J.: BPS: a format-preserving encryption proposal, http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/bps/bps-spec.pdf/ (2010). Accessed 25 Sept 2013.
Fisher-Yates Shuffle. Wikipedia Entry, http://en.wikipedia.org/wiki/Fisher-Yates_shuffle/. Accessed 25 Sept 2013.
Vance J.: VAES3 scheme for FFX: An addendum to “The FFX Mode of Operation for Format-Preserving Encryption”. NIST CSRC, http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/ffx/ffx-ad-VAES3.pdf/ (2011). Accessed 25 Sept 2013.
Granboulan L., Pornin T.: Perfect block ciphers with small blocks. In: Biryukov A. (ed.) FSE. Lecture Notes in Computer Science, vol. 4593, pp. 452–465. Springer, Heidelberg (2007).
Additional information
Communicated by L. R. Knudsen.
Cite this article
Minematsu, K. Building blockcipher from small-block tweakable blockcipher. Des. Codes Cryptogr. 74, 645–663 (2015). https://doi.org/10.1007/s10623-013-9882-8