Towards closing the security gap of Tweak-aNd-Tweak (TNT)
Tweakable block ciphers (TBCs) have been established as a valuable replacement for many applications of classical block ciphers. While several dedicated TBCs have been proposed in the previous years, generic constructions that build a TBC from a classical block cipher are still highly useful, for ex...
Saved in:
Main Authors: | , , , |
---|---|
Other Authors: | |
Format: | Conference or Workshop Item |
Language: | English |
Published: |
2021
|
Subjects: | |
Online Access: | https://hdl.handle.net/10356/146455 |
Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
Institution: | Nanyang Technological University |
Language: | English |
id |
sg-ntu-dr.10356-146455 |
---|---|
record_format |
dspace |
spelling |
sg-ntu-dr.10356-1464552023-02-28T19:17:52Z Towards closing the security gap of Tweak-aNd-Tweak (TNT) Guo, Chun Guo, Jian List, Eik Song, Ling School of Physical and Mathematical Sciences International Conference on the Theory and Application of Cryptology and Information Security Science Cryptanalysis Block Cipher Tweakable block ciphers (TBCs) have been established as a valuable replacement for many applications of classical block ciphers. While several dedicated TBCs have been proposed in the previous years, generic constructions that build a TBC from a classical block cipher are still highly useful, for example, to reuse an existing implementation. However, most generic constructions need an additional call to either the block cipher or a universal hash function to process the tweak, which limited their efficiency. To address this deficit, Bao et al. proposed Tweak-aNd-Tweak (TNT) at EUROCRYPT’20. Their construction chains three calls to independent keyed permutations and adds the unmodified tweak to the state in between the calls. They further suggested an efficient instantiation TNT-AES that was based on round-reduced AES for each of the permutations. Their work could prove 2n/3-bit security for their construction, where n is the block size in bits. Though, in the absence of an upper bound, their analysis had to consider all possible attack vectors with up to 2n time, data, and memory. Still, closing the gap between both bounds remained a highly interesting research question. In this work, we show that a variant of Mennink’s distinguisher on CLRW2 with O(n23n/4) data and O(23n/2) time from TCC’18 also applies to TNT. We reduce its time complexity to O(n23n/4), show the existence of a second similar distinguisher, and demonstrate how to transform the distinguisher to a key-recovery attack on from an impossible differential. From a constructive point of view, we adapt the rigorous STPRP analysis of CLRW2 by Jha and Nandi to show O(23n/4) TPRP security for TNT. Thus, we move towards closing the gap between the previous proof and attacks for TNT as well as its proposed instance. Ministry of Education (MOE) Accepted version This research has been partially supported by Nanyang Technological University in Singapore under Grant 04INS000397C230, Singapore’s Ministry of Education under Grants RG18/19 and MOE2019-T2-1-060. 2021-02-17T08:34:38Z 2021-02-17T08:34:38Z 2020 Conference Paper Guo, C., Guo, J., List, E., & Song, L. (2020). Towards closing the security gap of Tweak-aNd-Tweak (TNT). ASIACRYPT 2020, 12491 LNCS, 567-597. doi:10.1007/978-3-030-64837-4_19 9783030648367 https://hdl.handle.net/10356/146455 10.1007/978-3-030-64837-4_19 2-s2.0-85097822128 12491 LNCS 567 597 en © 2020 International Association for Cryptologic Research (IACR) (published by Springer). All rights reserved. This paper was published in ASIACRYPT 2020 and is made available with permission of International Association for Cryptologic Research (IACR) (published by Springer). application/pdf |
institution |
Nanyang Technological University |
building |
NTU Library |
continent |
Asia |
country |
Singapore Singapore |
content_provider |
NTU Library |
collection |
DR-NTU |
language |
English |
topic |
Science Cryptanalysis Block Cipher |
spellingShingle |
Science Cryptanalysis Block Cipher Guo, Chun Guo, Jian List, Eik Song, Ling Towards closing the security gap of Tweak-aNd-Tweak (TNT) |
description |
Tweakable block ciphers (TBCs) have been established as a valuable replacement for many applications of classical block ciphers. While several dedicated TBCs have been proposed in the previous years, generic constructions that build a TBC from a classical block cipher are still highly useful, for example, to reuse an existing implementation. However, most generic constructions need an additional call to either the block cipher or a universal hash function to process the tweak, which limited their efficiency. To address this deficit, Bao et al. proposed Tweak-aNd-Tweak (TNT) at EUROCRYPT’20. Their construction chains three calls to independent keyed permutations and adds the unmodified tweak to the state in between the calls. They further suggested an efficient instantiation TNT-AES that was based on round-reduced AES for each of the permutations. Their work could prove 2n/3-bit security for their construction, where n is the block size in bits. Though, in the absence of an upper bound, their analysis had to consider all possible attack vectors with up to 2n time, data, and memory. Still, closing the gap between both bounds remained a highly interesting research question. In this work, we show that a variant of Mennink’s distinguisher on CLRW2 with O(n23n/4) data and O(23n/2) time from TCC’18 also applies to TNT. We reduce its time complexity to O(n23n/4), show the existence of a second similar distinguisher, and demonstrate how to transform the distinguisher to a key-recovery attack on from an impossible differential. From a constructive point of view, we adapt the rigorous STPRP analysis of CLRW2 by Jha and Nandi to show O(23n/4) TPRP security for TNT. Thus, we move towards closing the gap between the previous proof and attacks for TNT as well as its proposed instance. |
author2 |
School of Physical and Mathematical Sciences |
author_facet |
School of Physical and Mathematical Sciences Guo, Chun Guo, Jian List, Eik Song, Ling |
format |
Conference or Workshop Item |
author |
Guo, Chun Guo, Jian List, Eik Song, Ling |
author_sort |
Guo, Chun |
title |
Towards closing the security gap of Tweak-aNd-Tweak (TNT) |
title_short |
Towards closing the security gap of Tweak-aNd-Tweak (TNT) |
title_full |
Towards closing the security gap of Tweak-aNd-Tweak (TNT) |
title_fullStr |
Towards closing the security gap of Tweak-aNd-Tweak (TNT) |
title_full_unstemmed |
Towards closing the security gap of Tweak-aNd-Tweak (TNT) |
title_sort |
towards closing the security gap of tweak-and-tweak (tnt) |
publishDate |
2021 |
url |
https://hdl.handle.net/10356/146455 |
_version_ |
1759856967505936384 |