**Are you an EPFL student looking for a semester project?**

Work with us on data science and visualisation projects, and deploy your project as an app on top of Graph Search.

Publication# Tweaking Key-Alternating Feistel Block Ciphers

Abstract

Tweakable block cipher as a cryptographic primitive has found wide applications in disk encryption, authenticated encryption mode and message authentication code, etc. One popular approach of designing tweakable block ciphers is to tweak the generic constructions of classic block ciphers. This paper focuses on how to build a secure tweakable block cipher from the Key-Alternating Feistel (KAF) structure, a dedicated Feistel structure with round functions of the form 𝐹𝑖(𝑘𝑖⊕𝑥𝑖) , where 𝑘𝑖 is the secret round key and 𝐹𝑖 is a public random function in the i-th round. We start from the simplest KAF structures that have been published so far, and then incorporate the tweaks to the round key XOR operations by (almost) universal hash functions. Moreover, we limit the number of rounds with the tweak injections for the efficiency concerns of changing the tweak value. Our results are two-fold, depending on the provable security bound: For the birthday-bound security, we present a 4-round minimal construction with two independent round keys, a single round function and two universal hash functions; For the beyond-birthday-bound security, we present a 10-round construction secure up to 𝑂(min{22𝑛/3,22𝑛𝜖−1‾‾‾‾‾‾√4}) adversarial queries, where n is the output size of the round function and 𝜖 is the upper bound of the collision probability of the universal hash functions. Our security proofs exploit the hybrid argument combined with the H-coefficient technique.

Official source

This page is automatically generated and may contain information that is not correct, complete, up-to-date, or relevant to your search query. The same applies to every other page on this website. Please make sure to verify the information with EPFL's official sources.

Related publications (78)

Related concepts (37)

Block cipher

In cryptography, a block cipher is a deterministic algorithm that operates on fixed-length groups of bits, called blocks. Block ciphers are the elementary building blocks of many cryptographic protocols. They are ubiquitous in the storage and exchange of data, where such data is secured and authenticated via encryption. A block cipher uses blocks as an unvarying transformation. Even a secure block cipher is suitable for the encryption of only a single block of data at a time, using a fixed key.

Cryptographic hash function

A cryptographic hash function (CHF) is a hash algorithm (a map of an arbitrary binary string to a binary string with a fixed size of bits) that has special properties desirable for a cryptographic application: the probability of a particular -bit output result (hash value) for a random input string ("message") is (as for any good hash), so the hash value can be used as a representative of the message; finding an input string that matches a given hash value (a pre-image) is unfeasible, assuming all input str

Round (cryptography)

In cryptography, a round or round function is a basic transformation that is repeated (iterated) multiple times inside the algorithm. Splitting a large algorithmic function into rounds simplifies both implementation and cryptanalysis. For example, encryption using an oversimplified three-round cipher can be written as , where C is the ciphertext and P is the plaintext. Typically, rounds are implemented using the same function, parameterized by the round constant and, for block ciphers, the round key from the key schedule.

Ontological neighbourhood

Since the advent of internet and mass communication, two public-key cryptographic algorithms have shared the monopoly of data encryption and authentication: Diffie-Hellman and RSA. However, in the last few years, progress made in quantum physics -- and mor ...

Andrea Felice Caforio, Subhadeep Banik

In this paper, we propose Rocca-S, an authenticated encryption scheme with a 256-bit key and a 256-bit tag targeting 6G applications bootstrapped from AES. Rocca-S achieves an encryption/decryption speed of more than 200 Gbps in the latest software environ ...

Four recent trends have emerged in the evolution of authenticated encryption schemes: (1) Regarding simplicity, the adoption of public permutations as primitives allows for sparing a key schedule and the need for storing round keys; (2) using the sums of p ...