ZOCB and ZOTR : tweakable blockcipher modes for authenticated encryption with full absorption

We define ZOCB and ZOTR for nonce-based authenticated encryption with associated data, and analyze their provable security. These schemes use a tweakable blockcipher (TBC) as the underlying primitive, and fully utilize its input to process a plaintext and associated data (AD). This property is commo...

Bibliographic Details
Main Authors: Bao, Zhenzhen, Guo, Jian, Iwata, Tetsu, Minematsu, Kazuhiko
Other Authors: School of Physical and Mathematical Sciences
Format: Article
Language: English
Published: 2020
Subjects:
Online Access: https://hdl.handle.net/10356/142169
Institution: Nanyang Technological University
id sg-ntu-dr.10356-142169
record_format dspace
spelling sg-ntu-dr.10356-142169 2023-02-28T19:25:47Z
Strategic Centre for Research in Privacy-Preserving Technologies and Systems
NRF (Natl Research Foundation, S’pore) MOE (Min. of Education, S’pore)
Published version 2020-06-16T09:10:31Z 2020-06-16T09:10:31Z 2019 Journal Article
Bao, Z., Guo, J., Iwata, T., & Minematsu, K. (2019). ZOCB and ZOTR : tweakable blockcipher modes for authenticated encryption with full absorption. IACR Transactions on Symmetric Cryptology, 2019(2), 1-54. doi:10.13154/tosc.v2019.i2.1-54
2519-173X https://hdl.handle.net/10356/142169 10.13154/tosc.v2019.i2.1-54 2-s2.0-85069461203 2 2019 1 54 en IACR Transactions on Symmetric Cryptology
© 2019 Zhenzhen Bao, Jian Guo, Tetsu Iwata, Kazuhiko Minematsu. This work is licensed under a Creative Commons Attribution 4.0 International License. application/pdf
institution Nanyang Technological University
building NTU Library
continent Asia
country Singapore
content_provider NTU Library
collection DR-NTU
language English
topic Science::Mathematics
ZOCB
ZOTR
description We define ZOCB and ZOTR for nonce-based authenticated encryption with associated data, and analyze their provable security. These schemes use a tweakable blockcipher (TBC) as the underlying primitive, and fully utilize its input to process a plaintext and associated data (AD). This property is commonly referred to as full absorption, and this has been explored for schemes based on a permutation or a pseudorandom function (PRF). Our schemes improve the efficiency of TBC-based counterparts of OCB and OTR called ΘCB3 (Krovetz and Rogaway, FSE 2011) and OTR (Minematsu, EUROCRYPT 2014). Specifically, ΘCB3 and OTR have an independent part to process AD, and our schemes integrate this process into the encryption part of a plaintext by using the tweak input of the TBC. Up to a certain length of AD, ZOCB and ZOTR completely eliminate the independent process for it. Even for longer AD, our schemes process it efficiently by fully using the tweak input of the TBC. For this purpose, based on previous tweak extension schemes for TBCs, we introduce a scheme called XTX*. To our knowledge, ZOCB and ZOTR are the first efficiency improvement of ΘCB3 and OTR in terms of the number of TBC calls. Compared to Sponge-based and PRF-based schemes, ZOCB and ZOTR allow fully parallel computation of the underlying primitive, and have a unique design feature that an authentication tag is independent of a part of AD. We present experimental results illustrating the practical efficiency gain and clarifying the efficiency cost for it with a concrete instantiation. The results show that for long input data, our schemes have gains, while we have efficiency loss for short input data.
author2 School of Physical and Mathematical Sciences
format Article
author Bao, Zhenzhen
Guo, Jian
Iwata, Tetsu
Minematsu, Kazuhiko
author_sort Bao, Zhenzhen
title ZOCB and ZOTR : tweakable blockcipher modes for authenticated encryption with full absorption
publishDate 2020
url https://hdl.handle.net/10356/142169
_version_ 1759854633372614656