Please use this identifier to cite or link to this item: https://hdl.handle.net/10356/146455
Full metadata record
DC Field | Value | Language
dc.contributor.author | Guo, Chun | en_US
dc.contributor.author | Guo, Jian | en_US
dc.contributor.author | List, Eik | en_US
dc.contributor.author | Song, Ling | en_US
dc.date.accessioned | 2021-02-17T08:34:38Z | -
dc.date.available | 2021-02-17T08:34:38Z | -
dc.date.issued | 2020 | -
dc.identifier.citation | Guo, C., Guo, J., List, E., & Song, L. (2020). Towards closing the security gap of Tweak-aNd-Tweak (TNT). ASIACRYPT 2020, 12491 LNCS, 567-597. doi:10.1007/978-3-030-64837-4_19 | en_US
dc.identifier.isbn | 9783030648367 | -
dc.identifier.uri | https://hdl.handle.net/10356/146455 | -
dc.description.abstract | Tweakable block ciphers (TBCs) have been established as a valuable replacement for many applications of classical block ciphers. While several dedicated TBCs have been proposed in previous years, generic constructions that build a TBC from a classical block cipher are still highly useful, for example, to reuse an existing implementation. However, most generic constructions need an additional call to either the block cipher or a universal hash function to process the tweak, which limits their efficiency. To address this deficit, Bao et al. proposed Tweak-aNd-Tweak (TNT) at EUROCRYPT'20. Their construction chains three calls to independent keyed permutations and adds the unmodified tweak to the state in between the calls. They further suggested an efficient instantiation, TNT-AES, based on round-reduced AES for each of the permutations. Their work proved 2n/3-bit security for the construction, where n is the block size in bits. However, in the absence of an upper bound, their analysis had to consider all possible attack vectors with up to 2^n time, data, and memory. Closing the gap between both bounds therefore remained a highly interesting research question. In this work, we show that a variant of Mennink's distinguisher on CLRW2 with O(n·2^(3n/4)) data and O(2^(3n/2)) time from TCC'18 also applies to TNT. We reduce its time complexity to O(n·2^(3n/4)), show the existence of a second similar distinguisher, and demonstrate how to transform the distinguisher into a key-recovery attack from an impossible differential. From a constructive point of view, we adapt the rigorous STPRP analysis of CLRW2 by Jha and Nandi to show O(2^(3n/4)) TPRP security for TNT. Thus, we move towards closing the gap between the previous proof and attacks for TNT as well as its proposed instance. | en_US
dc.description.sponsorship | Ministry of Education (MOE) | en_US
dc.language.iso | en | en_US
dc.rights | © 2020 International Association for Cryptologic Research (IACR) (published by Springer). All rights reserved. This paper was published in ASIACRYPT 2020 and is made available with permission of International Association for Cryptologic Research (IACR) (published by Springer). | en_US
dc.subject | Science | en_US
dc.title | Towards closing the security gap of Tweak-aNd-Tweak (TNT) | en_US
dc.type | Conference Paper | en
dc.contributor.school | School of Physical and Mathematical Sciences | en_US
dc.contributor.conference | International Conference on the Theory and Application of Cryptology and Information Security | en_US
dc.identifier.doi | 10.1007/978-3-030-64837-4_19 | -
dc.description.version | Accepted version | en_US
dc.identifier.scopus | 2-s2.0-85097822128 | -
dc.identifier.volume | 12491 LNCS | en_US
dc.identifier.spage | 567 | en_US
dc.identifier.epage | 597 | en_US
dc.subject.keywords | Cryptanalysis | en_US
dc.subject.keywords | Block Cipher | en_US
dc.description.acknowledgement | This research has been partially supported by Nanyang Technological University in Singapore under Grant 04INS000397C230, Singapore's Ministry of Education under Grants RG18/19 and MOE2019-T2-1-060. | en_US
item.fulltext | With Fulltext | -
item.grantfulltext | open | -
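The construction the abstract describes (three independent keyed permutations with the same unmodified tweak XORed into the state between the calls), as an added example that is not code from the paper or its authors. The keyed permutation here is a SHA-256-based Feistel network, an assumption made only so the example runs offline; the paper's instance TNT-AES uses round-reduced AES for each of the three permutations. The keys, tweaks and message are constructed sample values, and `security_summary` tabulates the bit-security figures stated in the abstract for a given block size n.

```python
"""Tweak-aNd-Tweak (TNT) over a stand-in keyed permutation (added example)."""
import hashlib
import math

N_BITS = 128                 # block size n in bits, as in the AES-based instance
N_BYTES = N_BITS // 8
HALF = N_BYTES // 2
ROUNDS = 4                   # Feistel rounds of the stand-in permutation (assumption)


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round_fn(key: bytes, idx: int, half: bytes) -> bytes:
    # Round function of the stand-in Feistel permutation: SHA-256 keyed by the
    # permutation key and round index, truncated to one half-block.
    return hashlib.sha256(key + bytes([idx]) + half).digest()[:HALF]


def keyed_perm(key: bytes, block: bytes) -> bytes:
    """Stand-in keyed permutation pi_K (balanced Feistel network).

    Illustration only; the paper's instance uses round-reduced AES here.
    """
    l, r = block[:HALF], block[HALF:]
    for i in range(ROUNDS):
        l, r = r, _xor(l, _round_fn(key, i, r))
    return l + r


def keyed_perm_inv(key: bytes, block: bytes) -> bytes:
    """Inverse of keyed_perm: undo the Feistel rounds in reverse order."""
    l, r = block[:HALF], block[HALF:]
    for i in reversed(range(ROUNDS)):
        l, r = _xor(r, _round_fn(key, i, l)), l
    return l + r


def tnt_encrypt(keys, tweak: bytes, msg: bytes) -> bytes:
    """TNT: pi3( pi2( pi1(M) xor T ) xor T ) with three independent keys.

    The n-bit tweak is used unmodified: it is XORed into the state between
    the permutation calls, so no extra cipher or hash call is spent on it.
    """
    k1, k2, k3 = keys
    assert len(tweak) == N_BYTES and len(msg) == N_BYTES
    x = keyed_perm(k1, msg)
    x = _xor(x, tweak)
    x = keyed_perm(k2, x)
    x = _xor(x, tweak)
    return keyed_perm(k3, x)


def tnt_decrypt(keys, tweak: bytes, ct: bytes) -> bytes:
    """Inverse of tnt_encrypt: invert pi3, strip T, invert pi2, strip T, invert pi1."""
    k1, k2, k3 = keys
    assert len(tweak) == N_BYTES and len(ct) == N_BYTES
    x = keyed_perm_inv(k3, ct)
    x = _xor(x, tweak)
    x = keyed_perm_inv(k2, x)
    x = _xor(x, tweak)
    return keyed_perm_inv(k1, x)


def security_summary(n: int = N_BITS) -> dict:
    """Bit-security figures from the abstract for block size n.

    proof_bao_bits:   2n/3-bit proof by Bao et al. (EUROCRYPT'20)
    proof_here_bits:  3n/4-bit TPRP proof from this paper
    attack_log2_data: log2 of the n * 2^(3n/4) data of the distinguisher
    """
    return {
        "proof_bao_bits": 2 * n / 3,
        "proof_here_bits": 3 * n / 4,
        "attack_log2_data": 3 * n / 4 + math.log2(n),
    }


# Constructed sample keys, tweaks and message (not values from the paper).
KEYS = (b"tnt-key-1-------", b"tnt-key-2-------", b"tnt-key-3-------")
T1 = bytes(range(16))
T2 = bytes(range(16, 32))
MSG = b"sixteen byte msg"

if __name__ == "__main__":
    c1 = tnt_encrypt(KEYS, T1, MSG)
    c2 = tnt_encrypt(KEYS, T2, MSG)
    print("same message, two tweaks differ:", c1 != c2)
    print("decrypt round-trip:", tnt_decrypt(KEYS, T1, c1) == MSG)
    print(security_summary())
```

Two points the construction relies on are visible in the code: the three keys must be independent, and the tweak is the same n-bit value added twice without any processing. The figures from `security_summary` show the size of the remaining gap: for n = 128 the proof moves from about 85 to 96 bits, while the distinguisher needs about 2^103 data, so roughly log2(n) = 7 bits separate the proof from the best known attack.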
Appears in Collections:SPMS Conference Papers
Files in This Item:
File | Description | Size | Format
main.pdf | - | 461.72 kB | Adobe PDF (View/Open)

Items in DR-NTU are protected by copyright, with all rights reserved, unless otherwise indicated.