Tight Security of Cascaded LRW2
Journal of Cryptology (IF 3), Pub Date: 2020-03-05, DOI: 10.1007/s00145-020-09347-y
Ashwin Jha , Mridul Nandi

At CRYPTO ’12, Landecker et al. introduced the cascaded LRW2 (or CLRW2) construction and proved that it is a secure tweakable block cipher up to roughly $2^{2n/3}$ queries. Recently, Mennink has presented a distinguishing attack on CLRW2 in $2n^{1/2}2^{3n/4}$ queries. In the same paper, he discussed some non-trivial bottlenecks in proving a tight security bound, i.e., security up to $2^{3n/4}$ queries. Subsequently, he proved security up to $2^{3n/4}$ queries for a variant of CLRW2 under a 4-wise independent AXU assumption and the restriction that each tweak value occurs at most $2^{n/4}$ times. Moreover, his proof relies on a version of mirror theory which is yet to be publicly verified.
In this paper, we resolve the bottlenecks in Mennink’s approach and prove that the original CLRW2 is indeed a secure tweakable block cipher up to roughly $2^{3n/4}$ queries. To do so, we develop two new tools: first, a probabilistic result that gives an improved bound on the joint probability of some special collision events, and second, a variant of Patarin’s mirror theory in the tweakable permutation setting with a self-contained and concrete proof. Both results are generic in nature and may be of independent interest. To demonstrate the applicability of these tools, we also prove tight security up to roughly $2^{3n/4}$ queries for a variant of DbHtS, called DbHtS-p, that uses two independent universal hash functions.
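As an added illustration (not code from the paper), the CLRW2 construction the abstract refers to: two LRW2 layers $E_K(M \oplus h_L(T)) \oplus h_L(T)$ cascaded with independent cipher keys and hash keys, where $h_L(T) = L \cdot T$ in $\mathrm{GF}(2^n)$ serves as the AXU hash. The 16-bit Feistel block cipher and the field polynomial are assumed stand-ins so the code runs offline; a toy block size like this gives no real security margin, since the $2^{3n/4}$ bound only matters for a real $n$ such as 128.

```python
import hashlib

N = 16                      # toy block size in bits (a real instance uses n = 128)
MASK = (1 << N) - 1
POLY = 0x1002D              # x^16 + x^5 + x^3 + x^2 + 1, irreducible over GF(2)

def gf_mul(a, b):
    """Multiplication in GF(2^16). For a uniformly random key L, T -> L*T is an
    epsilon-AXU hash, the standard instantiation of h in LRW2."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a >> N:
            a ^= POLY
        b >>= 1
    return r & MASK

def _round(key, i, x):
    # Keyed round function over (round index, 8-bit half block); toy only.
    d = hashlib.sha256(key + bytes([i]) + x.to_bytes(1, "big")).digest()
    return d[0]

def toy_prp(key, x):
    """Toy 16-bit block cipher E_K: 8-round Feistel network (assumed stand-in)."""
    l, r = x >> 8, x & 0xFF
    for i in range(8):
        l, r = r, l ^ _round(key, i, r)
    return (l << 8) | r

def toy_prp_inv(key, y):
    """Inverse of toy_prp: undo the rounds in reverse order."""
    l, r = y >> 8, y & 0xFF
    for i in reversed(range(8)):
        l, r = r ^ _round(key, i, l), l
    return (l << 8) | r

def lrw2(key, hash_key, tweak, x, inverse=False):
    """One LRW2 layer: E_K(x xor h_L(T)) xor h_L(T); same masking in both directions."""
    h = gf_mul(hash_key, tweak)
    e = toy_prp_inv if inverse else toy_prp
    return e(key, x ^ h) ^ h

def clrw2_encrypt(k1, l1, k2, l2, tweak, m):
    """CLRW2: cascade of two LRW2 layers with independent keys (K1, L1) and (K2, L2)."""
    return lrw2(k2, l2, tweak, lrw2(k1, l1, tweak, m))

def clrw2_decrypt(k1, l1, k2, l2, tweak, c):
    """Inverse cascade: peel the second layer first, then the first."""
    return lrw2(k1, l1, tweak, lrw2(k2, l2, tweak, c, inverse=True), inverse=True)
```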

Updated: 2020-03-05