Showing papers by "Eik List published in 2018"
19 Aug 2018
TL;DR: This paper proposes with Rastaa a design strategy for symmetric encryption that has ANDdepth d and at the same time only needs d ANDs per encrypted bit, and is to the best of the knowledge the first attempt that minimizes both metrics simultaneously.
Abstract: Recent developments in multi party computation (MPC) and fully homomorphic encryption (FHE) promoted the design and analysis of symmetric cryptographic schemes that minimize multiplications in one way or another. In this paper, we propose with Rastaa design strategy for symmetric encryption that has ANDdepth d and at the same time only needs d ANDs per encrypted bit. Even for very low values of d between 2 and 6 we can give strong evidence that attacks may not exist. This contributes to a better understanding of the limits of what concrete symmetric-key constructions can theoretically achieve with respect to AND-related metrics, and is to the best of our knowledge the first attempt that minimizes both metrics simultaneously. Furthermore, we can give evidence that for choices of d between 4 and 6 the resulting implementation properties may well be competitive by testing our construction in the use-case of removing the large ciphertext-expansion when using the BGV scheme.
65 citations
Posted Content•
TL;DR: In this paper, the authors proposed a symmetric key construction with ANDdepth d and only needs d ANDs per encrypted bit, which is to the best of our knowledge the first attempt that minimizes both metrics simultaneously.
Abstract: Recent developments in multi party computation (MPC) and fully homomorphic encryption (FHE) promoted the design and analysis of symmetric cryptographic schemes that minimize multiplications in one way or another. In this paper, we propose with Rastaa design strategy for symmetric encryption that has ANDdepth d and at the same time only needs d ANDs per encrypted bit. Even for very low values of d between 2 and 6 we can give strong evidence that attacks may not exist. This contributes to a better understanding of the limits of what concrete symmetric-key constructions can theoretically achieve with respect to AND-related metrics, and is to the best of our knowledge the first attempt that minimizes both metrics simultaneously. Furthermore, we can give evidence that for choices of d between 4 and 6 the resulting implementation properties may well be competitive by testing our construction in the use-case of removing the large ciphertext-expansion when using the BGV scheme.
18 citations
Posted Content•
TL;DR: Sparx is a family of ARX-based block ciphers designed according to the long-trail strategy (LTS) that were both introduced by Dinu et al. at ASIACRYPT’16 and presented at AFRICACRYpt’17, where the only third-party cryptanalysis on Sparx-64/128 to date was given.
Abstract: Sparx is a family of ARX-based block ciphers designed according to the long-trail strategy (LTS) that were both introduced by Dinu et al. at ASIACRYPT’16. Similar to the wide-trail strategy, the LTS allows provable upper bounds on the length of differential characteristics and linear paths. Thus, the cipher is a highly interesting target for third-party cryptanalysis. However, the only third-party cryptanalysis on Sparx-64/128 to date was given by Abdelkhalek et al. at AFRICACRYPT’17 who proposed impossible-differential attacks on 15 and 16 (out of 24) rounds.
10 citations
TL;DR: This work proposes POEx, a beyond-birthday-bound-secure on-line cipher which employs one call to a tweakable block cipher and onecall to a 2n-bit universal hash function per message block which builds upon the recently proposed XTX tweak extender by Iwata and Minematsu.
Abstract: On-line ciphers are convenient building blocks for realizing efficient single- pass encryption. In particular, the trend to limit the consequences of nonce reuses rendered them popular in recent authenticated encryption schemes. While encryption schemes, such as POE, COPE, or the ciphers within ElmE/ElmD concentrated on efficiency, their security guarantees and that of all earlier on-line ciphers is limited by the birthday bound, and so are those of the AE schemes built upon them. This work proposes POEx, a beyond-birthday-bound-secure on-line cipher which employs one call to a tweakable block cipher and one call to a 2n-bit universal hash function per message block. POEx builds upon the recently proposed XTX tweak extender by Iwata and Minematsu. We prove the security of our construction and discuss possible instantiations.
8 citations
02 Jul 2018
TL;DR: Sparx-64/128 is a family of ARX-based block ciphers designed according to the long-trail strategy (LTS) that were both introduced by Dinu et al. at ASIACRYPT'16.
Abstract: Sparx is a family of ARX-based block ciphers designed according to the long-trail strategy (LTS) that were both introduced by Dinu et al. at ASIACRYPT’16. Similar to the wide-trail strategy, the LTS allows provable upper bounds on the length of differential characteristics and linear paths. Thus, the cipher is a highly interesting target for third-party cryptanalysis. However, the only third-party cryptanalysis on Sparx-64/128 to date was given by Abdelkhalek et al. at AFRICACRYPT’17 who proposed impossible-differential attacks on 15 and 16 (out of 24) rounds.
7 citations
Journal Article•
TL;DR: In this paper, Nandi showed at ASIACRYPT'15 that at least two calls to the primitive per processed message block are required for SPRP security, assuming that all further operations are linear.
Abstract: Strong Pseudo-random Permutations (SPRPs) are important for various applications. In general, it is desirable to base an SPRP on a single-keyed primitive for minimizing the implementation costs. For constructions built on classical block ciphers, Nandi showed at ASIACRYPT’15 that at least two calls to the primitive per processed message block are required for SPRP security, assuming that all further operations are linear. The ongoing trend of using tweakable block ciphers as primitive has already led to MACs or encryption modes with high security and efficiency properties. Thus, three interesting research questions are hovering in the domain of SPRPs: (1) if and to which extent the bound of two calls per block can be reduced with a tweakable block cipher, (2) how concrete constructions could be realized, and (3) whether full n-bit security is achievable from primitives with n-bit state size.
3 citations
02 Dec 2018
TL;DR: Three interesting research questions are hovering in the domain of SPRPs: (1) if and to which extent the bound of two calls per block can be reduced with a tweakable block cipher, (2) how concrete constructions could be realized, and (3) whether full n-bit security is achievable from primitives with n- bit state size.
Abstract: Strong Pseudo-random Permutations (SPRPs) are important for various applications. In general, it is desirable to base an SPRP on a single-keyed primitive for minimizing the implementation costs. For constructions built on classical block ciphers, Nandi showed at ASIACRYPT’15 that at least two calls to the primitive per processed message block are required for SPRP security, assuming that all further operations are linear. The ongoing trend of using tweakable block ciphers as primitive has already led to MACs or encryption modes with high security and efficiency properties. Thus, three interesting research questions are hovering in the domain of SPRPs: (1) if and to which extent the bound of two calls per block can be reduced with a tweakable block cipher, (2) how concrete constructions could be realized, and (3) whether full n-bit security is achievable from primitives with n-bit state size.
2 citations