# American Institute of Mathematical Sciences

• Previous Article
Additive polycyclic codes over $\mathbb{F}_{4}$ induced by binary vectors and some optimal codes
• AMC Home
• This Issue
• Next Article
Connection of $p$-ary $t$-weight linear codes to Ramanujan Cayley graphs with $t+1$ eigenvalues
doi: 10.3934/amc.2021021
Online First

Online First articles are published articles within a journal that have not yet been assigned to a formal issue. This means they do not yet have a volume number, issue number, or page numbers assigned to them, however, they can still be found and cited using their DOI (Digital Object Identifier). Online First publication benefits the research community by making new scientific discoveries known as quickly as possible.

Readers can access Online First articles via the “Online First” tab for the selected journal.

## Designing tweakable enciphering schemes using public permutations

 1 Indian Statistical Institute, 203, B.T. Road, Kolkata, India 700108 2 Institute for Advancing Intelligence, TCG-CREST, Sector V, Salt Lake, Kolkata, India 700091

* Corresponding author: Debrup Chakraborty

Received  February 2021 Revised  April 2021 Early access June 2021

A tweakable enciphering scheme (TES) is a length preserving (tweakable) encryption scheme that provides (tweakable) strong pseudorandom permutation security on arbitrarily long messages. TES is traditionally built using block ciphers and the security of the mode depends on the strong pseudorandom permutation security of the underlying block cipher. In this paper, we construct TESs using public random permutations. Public random permutations are being considered as a replacement of block cipher in several cryptographic schemes including AEs, MACs, etc. However, to our knowledge, a systematic study of constructing TES using public random permutations is missing. In this paper, we give a generic construction of a TES which uses a public random permutation, a length expanding public permutation based PRF and a hash function which is both almost xor universal and almost regular. Further, we propose a concrete length expanding public permutation based PRF construction. We also propose a single keyed TES using a public random permutation and an AXU and almost regular hash function.

Citation: Debrup Chakraborty, Avijit Dutta, Samir Kundu. Designing tweakable enciphering schemes using public permutations. Advances in Mathematics of Communications, doi: 10.3934/amc.2021021
##### References:
 [1] [2] M. Abbadi, et al., Deterministic authenticated-encryption: A provable-security treatment of the keywrap problem, Journal of Applied Sciences, 8 (1996), 1. [3] Z. Bao, A. Chakraborti, N. Datta, J. Guo, M. Nandi, T. Peyrin and K. Yasuda, Photon-beetle authenticated encryption and hash family, NIST LWC. Available from: URL https://csrc.nist.gov/CSRC/media/Projects/Lightweight-Cryptography/documents/round-1/spec-doc/PHOTON-Beetle-spec.pdf. [4] D. J. Bernstein, et al., Gimli : A cross-platform permutation, in Cryptographic Hardware and Embedded Systems - CHES 2017 - 19th International Conference, Taipei, Taiwan, September 25-28, 2017, Proceedings (eds. W. Fischer and N. Homma), Lecture Notes in Computer Science, 10529, Springer, 2017,299–320. doi: 10.1007/978-3-319-66787-4_15. [5] G. Bertoni, J. Daemen, S. Hoffert, M. Peeters, G. V. Assche and R. V. Keer, Farfalle: Parallel permutation-based cryptography, IACR Trans. Symmetric Cryptol., 2017 (2017), 1–38. [6] G. Bertoni, J. Daemen, M. Peeters and G. V. Assche, Sponge-based pseudo-random number generators, in Cryptographic Hardware and Embedded Systems, CHES 2010, 12th International Workshop, Santa Barbara, CA, USA, August 17-20, 2010. Proceedings (eds. S. Mangard and F. Standaert), Lecture Notes in Computer Science, 6225, Springer, 2010, 33–47. doi: 10.1007/978-3-642-15031-9_3. [7] G. Bertoni, J. Daemen, M. Peeters and G. Van Assche, Sponge functions, in ECRYPT Hash Workshop, 2007, Citeseer, 2007. [8] G. Bertoni, J. Daemen, M. Peeters and G. Van Assche, Keccak, in Annual International Conference on the Theory and Applications of Cryptographic Techniques, Springer, 2013,313–314. [9] T. Beyne, Y. L. Chen, C. Dobraunig and B. Mennink, Elephant, NIST LWC. Available from: URL https://csrc.nist.gov/CSRC/media/Projects/Lightweight-Cryptography/documents/round-1/spec-doc/elephant-spec.pdf. [10] S. Bhattacharya and M. Nandi, Revisiting variable output length XOR pseudorandom function, IACR Cryptol. ePrint Arch., 2019 (2019), 249. Available from: URL https://eprint.iacr.org/2019/249. [11] R. Bhaumik and M. Nandi, An inverse-free single-keyed tweakable enciphering scheme, in Advances in Cryptology - ASIACRYPT 2015 - 21st International Conference on the Theory and Application of Cryptology and Information Security, Auckland, New Zealand, November 29 - December 3, 2015, Proceedings, Part II (eds. T. Iwata and J. H. Cheon), Lecture Notes in Computer Science, 9453, Springer, 2015,159–180. doi: 10.1007/978-3-662-48800-3_7. [12] R. Bhaumik and M. Nandi, An inverse-free single-keyed tweakable enciphering scheme, in International Conference on the Theory and Application of Cryptology and Information Security, Springer, 2015,159–180. doi: 10.1007/978-3-662-48800-3_7. [13] A. Bogdanov, M. Knezevic, G. Leander, D. Toz, K. Varici and I. Verbauwhede, Spongent: A lightweight hash function, in Cryptographic Hardware and Embedded Systems - CHES 2011 - 13th International Workshop, Nara, Japan, September 28 - October 1, 2011. Proceedings (eds. B. Preneel and T. Takagi), Lecture Notes in Computer Science, 6917, Springer, 2011,312–325. doi: 10.1007/978-3-642-23951-9_21. [14] A. Bogdanov, L. R. Knudsen, G. Leander, F.-X. Standaert, J. Steinberger and E. Tischhauser, Key-alternating ciphers in a provable setting: Encryption using a small number of public permutations, in Advances in Cryptology – EUROCRYPT 2012, Springer, 2012, 45–62. doi: 10.1007/978-3-642-29011-4_5. [15] B. Chakraborty and M. Nandi, Orange, NIST LWC. Available from: URL https://csrc.nist.gov/CSRC/media/Projects/Lightweight-Cryptography/documents/round-1/spec-doc/orange-spec.pdf. [16] D. Chakraborty, S. Ghosh, C. Mancillas-López and P. Sarkar, FAST: Disk encryption and beyond, IACR Cryptology ePrint Archive, 2017 (2017), 849. Available from: URL http://eprint.iacr.org/2017/849. [17] D. Chakraborty, V. Hernandez-Jimenez and P. Sarkar, Another look at XCB, Cryptography and Communications, 7 (2015), 439-468.  doi: 10.1007/s12095-015-0127-8. [18] D. Chakraborty, C. Mancillas-López and P. Sarkar, STES: A stream cipher based low cost scheme for securing stored data, IACR Cryptology ePrint Archive, 2013 (2013), 347. doi: 10.1109/TC.2014.2366739. [19] D. Chakraborty and M. Nandi, An improved security bound for HCTR, in Fast Software Encryption, 15th International Workshop, FSE 2008, Lausanne, Switzerland, February 10-13, 2008, Revised Selected Papers, 2008,289–302. [20] D. Chakraborty and P. Sarkar, HCH: A new tweakable enciphering scheme using the hash-counter-hash approach, IEEE Transactions on Information Theory, 54 (2008), 1683-1699.  doi: 10.1109/TIT.2008.917623. [21] D. Chang, N. Datta, A. Dutta, B. Mennink, M. Nandi, S. Sanadhya and F. Sibleyras, Release of unverified plaintext: Tight unified model and application to ANYDAE, IACR Trans. Symmetric Cryptol., 2019 (2019), 119–146. [22] D. Chang and M. Nandi, A short proof of the PRP/PRF switching lemma, IACR Cryptol. ePrint Arch., 2008 (2008), 78. [23] S. Chen and J. P. Steinberger, Tight security bounds for key-alternating ciphers, in EUROCRYPT 2014. Proceedings, 2014,327–350. doi: 10.1007/978-3-642-55220-5_19. [24] Y. L. Chen, E. Lambooij and B. Mennink, How to build pseudorandom functions from public random permutations, in Advances in Cryptology - CRYPTO 2019 - 39th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 18-22, 2019, Proceedings, Part I, 2019,266–293. doi: 10.1007/978-3-030-26948-7_10. [25] B. Cogliati and Y. Seurin, On the provable security of the iterated even-mansour cipher against related-key and chosen-key attacks, in Annual International Conference on the Theory and Applications of Cryptographic Techniques, Springer, 2015,584–613. doi: 10.1007/978-3-662-46800-5_23. [26] J. Daemen, S. Hoffert, M. Peeters, G. V. Assche and R. V. Keer, Xoodyak, a lightweight cryptographic scheme, NIST LWC. Available from: URL https://csrc.nist.gov/CSRC/media/Projects/Lightweight-Cryptography/documents/round-1/spec-doc/Xoodyak-spec.pdf. [27] Y. Dai, Y. Seurin, J. Steinberger and A. Thiruvengadam, Indifferentiability of iterated even-mansour ciphers with non-idealized key-schedules: Five rounds are necessary and sufficient, in Annual International Cryptology Conference, Springer, 2017,524–555. doi: 10.1007/978-3-319-63697-9_18. [28] N. Datta, A. Dutta, M. Nandi and G. Paul, Double-block hash-then-sum: A paradigm for constructing bbb secure prf, IACR Transactions on Symmetric Cryptology, 36–92. [29] N. Datta, A. Dutta, M. Nandi, G. Paul and L. Zhang, Single key variant of pmac_plus, IACR Transactions on Symmetric Cryptology, 268–305. [30] N. Datta, A. Dutta, M. Nandi and K. Yasuda, Encrypt or decrypt? To make a single-key beyond birthday secure nonce-based mac, in Annual International Cryptology Conference, Springer, 2018,631–661. doi: 10.1007/978-3-319-96884-1_2. [31] I. Dinur, O. Dunkelman, N. Keller and A. Shamir, Key recovery attacks on iterated even–mansour encryption schemes, Journal of Cryptology, 29 (2016), 697-728.  doi: 10.1007/s00145-015-9207-3. [32] C. Dobraunig, M. Eichlseder, F. Mendel and M. Schläffer, Ascon v1.2, NIST LWC. Available from: URL https://csrc.nist.gov/CSRC/media/Projects/Lightweight-Cryptography/documents/round-1/spec-doc/ascon-spec.pdf. [33] A. Dutta, Minimizing the two-round tweakable even-mansour cipher, in Advances in Cryptology - ASIACRYPT 2020 - 26th International Conference on the Theory and Application of Cryptology and Information Security, Daejeon, South Korea, December 7-11, 2020, Proceedings, Part I (eds. S. Moriai and H. Wang), Lecture Notes in Computer Science, 12491, Springer, 2020,601–629. doi: 10.1007/978-3-030-05378-9_3. [34] A. Dutta and M. Nandi, Tweakable HCTR: A BBB secure tweakable enciphering scheme, in Progress in Cryptology - INDOCRYPT 2018 - 19th International Conference on Cryptology in India, New Delhi, India, December 9-12, 2018, Proceedings, 2018, 47–69. doi: 10.1007/978-3-030-05378-9_3. [35] A. Dutta, M. Nandi and S. Talnikar, Beyond birthday bound secure mac in faulty nonce model, in Annual International Conference on the Theory and Applications of Cryptographic Techniques, Springer, 2019,437–466. doi: 10.1007/978-3-030-17653-2_15. [36] S. Even and Y. Mansour, A construction of a cipher from a single pseudorandom permutation, J. Cryptology, 10 (1997), 151-162.  doi: 10.1007/s001459900025. [37] S. Halevi, EME*: Extending EME to handle arbitrary-length messages with associated data. [38] S. Halevi and P. Rogaway, A tweakable enciphering mode, in CRYPTO (ed. D. Boneh), Lecture Notes in Computer Science, 2729, Springer, 2003,482–499. doi: 10.1007/978-3-540-45146-4_28. [39] S. Halevi and P. Rogaway, A parallelizable enciphering mode, in CT-RSA (ed. T. Okamoto), Lecture Notes in Computer Science, 2964, Springer, 2004,292–304. doi: 10.1007/978-3-540-24660-2_23. [40] V. T. Hoang, T. Krovetz and P. Rogaway, Robust authenticated-encryption AEZ and the problem that it solves, in Advances in Cryptology - EUROCRYPT 2015 - 34th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Sofia, Bulgaria, April 26-30, 2015, Proceedings, Part I (eds. E. Oswald and M. Fischlin), Lecture Notes in Computer Science, 9056, Springer, 2015, 15–44. doi: 10.1007/978-3-662-46800-5_2. [41] M. Kumar, Security of XCB and HCTR, in M. Tech. (Computer Science) Thesis [42] M. Liskov, R. L. Rivest and D. Wagner, Tweakable block ciphers, in Annual International Cryptology Conference, Springer, 2002, 31–46. doi: 10.1007/3-540-45708-9_3. [43] M. Liskov, R. L. Rivest and D. A. Wagner, Tweakable block ciphers, J. Cryptology, 24 (2011), 588-613.  doi: 10.1007/s00145-010-9073-y. [44] D. A. McGrew and S. R. Fluhrer, The security of the extended codebook (XCB) mode of operation, in Selected Areas in Cryptography (eds. C. M. Adams, A. Miri and M. J. Wiener), Lecture Notes in Computer Science, 4876, Springer, 2007,311–327. [45] B. Mennink, R. Reyhanitabar and D. Vizár, Security of full-state keyed sponge and duplex: Applications to authenticated encryption, in International Conference on the Theory and Application of Cryptology and Information Security, Springer, 2015,465–489. doi: 10.1007/978-3-662-48800-3_19. [46] K. Minematsu, Beyond-birthday-bound security based on tweakable block cipher, in International Workshop on Fast Software Encryption, Springer, 2009,308–326. [47] NIST, Available from: https://csrc.nist.gov/projects/lightweight-cryptography. [48] J. Patarin, The "coefficients H" technique, in Selected Areas in Cryptography, SAC, 2008,328–345. [49] P. Rogaway, M. Bellare and J. Black, Sha-3 standard, ACM Transactions on Information and System Security (TISSEC), 6 (2003), 365-403. [50] P. Sarkar, Tweakable enciphering schemes from stream ciphers with IV, IACR Cryptol. ePrint Arch., 2009 (2009), 321. Available from: URL http://eprint.iacr.org/2009/321. [51] P. Wang, D. Feng and W. Wu, HCTR: A variable-input-length enciphering mode, in Information Security and Cryptology, First SKLOIS Conference, CISC 2005, Beijing, China, December 15-17, 2005, Proceedings, 2005,175–188. doi: 10.1007/11599548_15. [52] M. N. Wegman and J. L. Carter, New classes and applications of hash functions, in 20th Annual Symposium on Foundations of Computer Science (sfcs 1979), IEEE, 1979,175–182. doi: 10.1016/0022-0000(79)90044-8.

show all references

##### References:
 [1] [2] M. Abbadi, et al., Deterministic authenticated-encryption: A provable-security treatment of the keywrap problem, Journal of Applied Sciences, 8 (1996), 1. [3] Z. Bao, A. Chakraborti, N. Datta, J. Guo, M. Nandi, T. Peyrin and K. Yasuda, Photon-beetle authenticated encryption and hash family, NIST LWC. Available from: URL https://csrc.nist.gov/CSRC/media/Projects/Lightweight-Cryptography/documents/round-1/spec-doc/PHOTON-Beetle-spec.pdf. [4] D. J. Bernstein, et al., Gimli : A cross-platform permutation, in Cryptographic Hardware and Embedded Systems - CHES 2017 - 19th International Conference, Taipei, Taiwan, September 25-28, 2017, Proceedings (eds. W. Fischer and N. Homma), Lecture Notes in Computer Science, 10529, Springer, 2017,299–320. doi: 10.1007/978-3-319-66787-4_15. [5] G. Bertoni, J. Daemen, S. Hoffert, M. Peeters, G. V. Assche and R. V. Keer, Farfalle: Parallel permutation-based cryptography, IACR Trans. Symmetric Cryptol., 2017 (2017), 1–38. [6] G. Bertoni, J. Daemen, M. Peeters and G. V. Assche, Sponge-based pseudo-random number generators, in Cryptographic Hardware and Embedded Systems, CHES 2010, 12th International Workshop, Santa Barbara, CA, USA, August 17-20, 2010. Proceedings (eds. S. Mangard and F. Standaert), Lecture Notes in Computer Science, 6225, Springer, 2010, 33–47. doi: 10.1007/978-3-642-15031-9_3. [7] G. Bertoni, J. Daemen, M. Peeters and G. Van Assche, Sponge functions, in ECRYPT Hash Workshop, 2007, Citeseer, 2007. [8] G. Bertoni, J. Daemen, M. Peeters and G. Van Assche, Keccak, in Annual International Conference on the Theory and Applications of Cryptographic Techniques, Springer, 2013,313–314. [9] T. Beyne, Y. L. Chen, C. Dobraunig and B. Mennink, Elephant, NIST LWC. Available from: URL https://csrc.nist.gov/CSRC/media/Projects/Lightweight-Cryptography/documents/round-1/spec-doc/elephant-spec.pdf. [10] S. Bhattacharya and M. Nandi, Revisiting variable output length XOR pseudorandom function, IACR Cryptol. ePrint Arch., 2019 (2019), 249. Available from: URL https://eprint.iacr.org/2019/249. [11] R. Bhaumik and M. Nandi, An inverse-free single-keyed tweakable enciphering scheme, in Advances in Cryptology - ASIACRYPT 2015 - 21st International Conference on the Theory and Application of Cryptology and Information Security, Auckland, New Zealand, November 29 - December 3, 2015, Proceedings, Part II (eds. T. Iwata and J. H. Cheon), Lecture Notes in Computer Science, 9453, Springer, 2015,159–180. doi: 10.1007/978-3-662-48800-3_7. [12] R. Bhaumik and M. Nandi, An inverse-free single-keyed tweakable enciphering scheme, in International Conference on the Theory and Application of Cryptology and Information Security, Springer, 2015,159–180. doi: 10.1007/978-3-662-48800-3_7. [13] A. Bogdanov, M. Knezevic, G. Leander, D. Toz, K. Varici and I. Verbauwhede, Spongent: A lightweight hash function, in Cryptographic Hardware and Embedded Systems - CHES 2011 - 13th International Workshop, Nara, Japan, September 28 - October 1, 2011. Proceedings (eds. B. Preneel and T. Takagi), Lecture Notes in Computer Science, 6917, Springer, 2011,312–325. doi: 10.1007/978-3-642-23951-9_21. [14] A. Bogdanov, L. R. Knudsen, G. Leander, F.-X. Standaert, J. Steinberger and E. Tischhauser, Key-alternating ciphers in a provable setting: Encryption using a small number of public permutations, in Advances in Cryptology – EUROCRYPT 2012, Springer, 2012, 45–62. doi: 10.1007/978-3-642-29011-4_5. [15] B. Chakraborty and M. Nandi, Orange, NIST LWC. Available from: URL https://csrc.nist.gov/CSRC/media/Projects/Lightweight-Cryptography/documents/round-1/spec-doc/orange-spec.pdf. [16] D. Chakraborty, S. Ghosh, C. Mancillas-López and P. Sarkar, FAST: Disk encryption and beyond, IACR Cryptology ePrint Archive, 2017 (2017), 849. Available from: URL http://eprint.iacr.org/2017/849. [17] D. Chakraborty, V. Hernandez-Jimenez and P. Sarkar, Another look at XCB, Cryptography and Communications, 7 (2015), 439-468.  doi: 10.1007/s12095-015-0127-8. [18] D. Chakraborty, C. Mancillas-López and P. Sarkar, STES: A stream cipher based low cost scheme for securing stored data, IACR Cryptology ePrint Archive, 2013 (2013), 347. doi: 10.1109/TC.2014.2366739. [19] D. Chakraborty and M. Nandi, An improved security bound for HCTR, in Fast Software Encryption, 15th International Workshop, FSE 2008, Lausanne, Switzerland, February 10-13, 2008, Revised Selected Papers, 2008,289–302. [20] D. Chakraborty and P. Sarkar, HCH: A new tweakable enciphering scheme using the hash-counter-hash approach, IEEE Transactions on Information Theory, 54 (2008), 1683-1699.  doi: 10.1109/TIT.2008.917623. [21] D. Chang, N. Datta, A. Dutta, B. Mennink, M. Nandi, S. Sanadhya and F. Sibleyras, Release of unverified plaintext: Tight unified model and application to ANYDAE, IACR Trans. Symmetric Cryptol., 2019 (2019), 119–146. [22] D. Chang and M. Nandi, A short proof of the PRP/PRF switching lemma, IACR Cryptol. ePrint Arch., 2008 (2008), 78. [23] S. Chen and J. P. Steinberger, Tight security bounds for key-alternating ciphers, in EUROCRYPT 2014. Proceedings, 2014,327–350. doi: 10.1007/978-3-642-55220-5_19. [24] Y. L. Chen, E. Lambooij and B. Mennink, How to build pseudorandom functions from public random permutations, in Advances in Cryptology - CRYPTO 2019 - 39th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 18-22, 2019, Proceedings, Part I, 2019,266–293. doi: 10.1007/978-3-030-26948-7_10. [25] B. Cogliati and Y. Seurin, On the provable security of the iterated even-mansour cipher against related-key and chosen-key attacks, in Annual International Conference on the Theory and Applications of Cryptographic Techniques, Springer, 2015,584–613. doi: 10.1007/978-3-662-46800-5_23. [26] J. Daemen, S. Hoffert, M. Peeters, G. V. Assche and R. V. Keer, Xoodyak, a lightweight cryptographic scheme, NIST LWC. Available from: URL https://csrc.nist.gov/CSRC/media/Projects/Lightweight-Cryptography/documents/round-1/spec-doc/Xoodyak-spec.pdf. [27] Y. Dai, Y. Seurin, J. Steinberger and A. Thiruvengadam, Indifferentiability of iterated even-mansour ciphers with non-idealized key-schedules: Five rounds are necessary and sufficient, in Annual International Cryptology Conference, Springer, 2017,524–555. doi: 10.1007/978-3-319-63697-9_18. [28] N. Datta, A. Dutta, M. Nandi and G. Paul, Double-block hash-then-sum: A paradigm for constructing bbb secure prf, IACR Transactions on Symmetric Cryptology, 36–92. [29] N. Datta, A. Dutta, M. Nandi, G. Paul and L. Zhang, Single key variant of pmac_plus, IACR Transactions on Symmetric Cryptology, 268–305. [30] N. Datta, A. Dutta, M. Nandi and K. Yasuda, Encrypt or decrypt? To make a single-key beyond birthday secure nonce-based mac, in Annual International Cryptology Conference, Springer, 2018,631–661. doi: 10.1007/978-3-319-96884-1_2. [31] I. Dinur, O. Dunkelman, N. Keller and A. Shamir, Key recovery attacks on iterated even–mansour encryption schemes, Journal of Cryptology, 29 (2016), 697-728.  doi: 10.1007/s00145-015-9207-3. [32] C. Dobraunig, M. Eichlseder, F. Mendel and M. Schläffer, Ascon v1.2, NIST LWC. Available from: URL https://csrc.nist.gov/CSRC/media/Projects/Lightweight-Cryptography/documents/round-1/spec-doc/ascon-spec.pdf. [33] A. Dutta, Minimizing the two-round tweakable even-mansour cipher, in Advances in Cryptology - ASIACRYPT 2020 - 26th International Conference on the Theory and Application of Cryptology and Information Security, Daejeon, South Korea, December 7-11, 2020, Proceedings, Part I (eds. S. Moriai and H. Wang), Lecture Notes in Computer Science, 12491, Springer, 2020,601–629. doi: 10.1007/978-3-030-05378-9_3. [34] A. Dutta and M. Nandi, Tweakable HCTR: A BBB secure tweakable enciphering scheme, in Progress in Cryptology - INDOCRYPT 2018 - 19th International Conference on Cryptology in India, New Delhi, India, December 9-12, 2018, Proceedings, 2018, 47–69. doi: 10.1007/978-3-030-05378-9_3. [35] A. Dutta, M. Nandi and S. Talnikar, Beyond birthday bound secure mac in faulty nonce model, in Annual International Conference on the Theory and Applications of Cryptographic Techniques, Springer, 2019,437–466. doi: 10.1007/978-3-030-17653-2_15. [36] S. Even and Y. Mansour, A construction of a cipher from a single pseudorandom permutation, J. Cryptology, 10 (1997), 151-162.  doi: 10.1007/s001459900025. [37] S. Halevi, EME*: Extending EME to handle arbitrary-length messages with associated data. [38] S. Halevi and P. Rogaway, A tweakable enciphering mode, in CRYPTO (ed. D. Boneh), Lecture Notes in Computer Science, 2729, Springer, 2003,482–499. doi: 10.1007/978-3-540-45146-4_28. [39] S. Halevi and P. Rogaway, A parallelizable enciphering mode, in CT-RSA (ed. T. Okamoto), Lecture Notes in Computer Science, 2964, Springer, 2004,292–304. doi: 10.1007/978-3-540-24660-2_23. [40] V. T. Hoang, T. Krovetz and P. Rogaway, Robust authenticated-encryption AEZ and the problem that it solves, in Advances in Cryptology - EUROCRYPT 2015 - 34th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Sofia, Bulgaria, April 26-30, 2015, Proceedings, Part I (eds. E. Oswald and M. Fischlin), Lecture Notes in Computer Science, 9056, Springer, 2015, 15–44. doi: 10.1007/978-3-662-46800-5_2. [41] M. Kumar, Security of XCB and HCTR, in M. Tech. (Computer Science) Thesis [42] M. Liskov, R. L. Rivest and D. Wagner, Tweakable block ciphers, in Annual International Cryptology Conference, Springer, 2002, 31–46. doi: 10.1007/3-540-45708-9_3. [43] M. Liskov, R. L. Rivest and D. A. Wagner, Tweakable block ciphers, J. Cryptology, 24 (2011), 588-613.  doi: 10.1007/s00145-010-9073-y. [44] D. A. McGrew and S. R. Fluhrer, The security of the extended codebook (XCB) mode of operation, in Selected Areas in Cryptography (eds. C. M. Adams, A. Miri and M. J. Wiener), Lecture Notes in Computer Science, 4876, Springer, 2007,311–327. [45] B. Mennink, R. Reyhanitabar and D. Vizár, Security of full-state keyed sponge and duplex: Applications to authenticated encryption, in International Conference on the Theory and Application of Cryptology and Information Security, Springer, 2015,465–489. doi: 10.1007/978-3-662-48800-3_19. [46] K. Minematsu, Beyond-birthday-bound security based on tweakable block cipher, in International Workshop on Fast Software Encryption, Springer, 2009,308–326. [47] NIST, Available from: https://csrc.nist.gov/projects/lightweight-cryptography. [48] J. Patarin, The "coefficients H" technique, in Selected Areas in Cryptography, SAC, 2008,328–345. [49] P. Rogaway, M. Bellare and J. Black, Sha-3 standard, ACM Transactions on Information and System Security (TISSEC), 6 (2003), 365-403. [50] P. Sarkar, Tweakable enciphering schemes from stream ciphers with IV, IACR Cryptol. ePrint Arch., 2009 (2009), 321. Available from: URL http://eprint.iacr.org/2009/321. [51] P. Wang, D. Feng and W. Wu, HCTR: A variable-input-length enciphering mode, in Information Security and Cryptology, First SKLOIS Conference, CISC 2005, Beijing, China, December 15-17, 2005, Proceedings, 2005,175–188. doi: 10.1007/11599548_15. [52] M. N. Wegman and J. L. Carter, New classes and applications of hash functions, in 20th Annual Symposium on Foundations of Computer Science (sfcs 1979), IEEE, 1979,175–182. doi: 10.1016/0022-0000(79)90044-8.
$\textsf{HCTR}$ construction based on an $n$-bit block cipher $\textsf{E}_k$ and an $n$-bit Polyhash function. Left part of the algorithm is the encryption function and right part is the decryption function
$\textsf{HCTR}$ construction with tweak $T$ and message $M_1 \| M_2 \| \ldots \| M_{l}$ and the corresponding ciphertext $C_1 \| C_2 \| \ldots \| C_{l}$. $\textsf{Poly}_{K_h}$ is the polynomial hash function with hash key $K_h$. $\textsf{Ctr}_{ \textsf{E}_K}$ is the block cipher based counter mode of encryption
$\textsf{ppTES}$ based on an $n$-bit public random permutations $\pi_1$, an AXUAR hash function $\textsf{H}_{k_h}$ and a public permutation based length expanding PRF $\textsf{F}^{\pi_2}_k$. $M \in \{0,1\}^{\geq n}$ is the input message and $T \in \{0,1\}^{\tt tw}$ is the tweak. Left part of the algorithm is the encryption function and right part is the decryption function
Algorithm corresponding to a length expanding random function. $\mathbb{T}[x]_{1, \ldots, b}$ denotes the first $b$ many blocks stored at the $x$-th entry of table $\mathbb{T}$
$\textsf{ppCTR}$ construction with an $n$-bit input $z$ and an integer $b = 3$ and corresponding output $S_1\|S_2\|S_3$. $\pi$ is the public random permutation, $k$ is the key and $\gamma$ is the root of a primitive polynomial of $\mathrm{GF}(2^n)$
$\textsf{ppHCTR+}$ based on an $n$-bit public random permutation $\pi$ and an $n$-bit random hash key $k_h$. Left part is the encryption algorithm and right part is its decryption algorithm

2021 Impact Factor: 1.015

## Tools

Article outline

Figures and Tables