28 research outputs found

    Improved Security for OCB3

    Get PDF
    OCB3 is the current version of the OCB authenticated encryption mode which is selected for the third round in CAESAR. So far the integrity analysis has limited to an adversary making a single forging attempt. A simple extension for the best known bound establishes integrity security as long as the total number of query blocks (including encryptions and forging attempts) does not exceed the birthday-bound. In this paper we show an improved bound for integrity of OCB3 in terms of the number of blocks in the forging attempt. In particular we show that when the number of encryption query blocks is not more than birthdaybound (an assumption without which the privacy guarantee of OCB3 disappears), even an adversary making forging attempts with the number of blocks in the order of 2n=L_MAX (n being the block-size and L_MAX being the length of the longest block) may fail to break the integrity of OCB3

    An Inverse-free Single-Keyed Tweakable Enciphering Scheme

    Get PDF
    In CRYPTO 2003, Halevi and Rogaway proposed CMC, a tweakable enciphering scheme (TES) based on a blockcipher. It requires two blockcipher keys and it is not inverse-free (i.e., the decryption algorithm uses the inverse (decryption) of the underlying blockcipher). We present here a new inverse-free, single-keyed TES. Our construction is a tweakable strong pseudorandom permutation (tsprp), i.e., it is secure against chosen-plaintext-ciphertext adversaries assuming that the underlying blockcipher is a pseudorandom permutation (prp), i.e., secure against chosen-plaintext adversaries. In comparison, sprp assumption of the blockcipher is required for the sprp security of CMC. Our scheme can be viewed as a mixture of type-1 and type-3 Feistel cipher and so we call it FMix or mixed-type Feistel cipher

    OleF: an Inverse-Free Online Cipher. An Online SPRP with an Optimal Inverse-Free Construction

    Get PDF
    Online ciphers, in spite of being insecure against an sprp adversary, can be desirable at places because of their ease of implementation and speed. Here we propose a single-keyed inverse-free construction that achieves online sprp security with an optimal number of blockcipher calls. We also include a partial block construction, without requiring any extra key

    OleF: An Inverse-Free Online Cipher

    Get PDF
    Online ciphers, in spite of being insecure against an sprp adversary, can be desirable at places because of their ease of implementation and speed. Here we propose a single-keyed inverse-free construction that achieves online sprp security with an optimal number of blockcipher calls. We also include a partial block construction, without requiring any extra key

    Revisiting Turning Online Cipher Off

    Get PDF
    In \u27Turning Online Ciphers Off\u27, a class of constructions was defined based on layers of secure online ciphers interleaved with simple mixing layers (like reversing and block-shifting). Here we show that an SPRP construction proposed in the work cited is insecure. Howevewr, the same construction is secure under the assumption that the underlying construction is online-but-last ciphers. We include a simpler proof for beyond-birthday security of other constructions proposed in the same work

    BBB PRP Security of the Lai-Massey Mode

    Get PDF
    In spite of being a popular technique for designing block ciphers, Lai-Massey networks have received considerably less attention from a security analysis point-of-view than Feistel networks and Substitution-Permutation networks. In this paper we study the beyond-birthday-bound (BBB) security of Lai-Massey networks with independent random round functions against chosen-plaintext adversaries. Concretely, we show that five rounds are necessary and sufficient to achieve BBB security

    A Sponge-Based PRF with Good Multi-user Security

    Get PDF
    Both multi-user PRFs and sponge-based constructions have generated a lot of research interest lately. Dedicated analyses for multi-user security have improved the bounds a long distance from the early generic bounds obtained through hybrid arguments, yet the bounds generally don\u27t allow the number of users to be more than birthday-bound in key-size. Similarly, known sponge constructions suffer from being only birthday-bound secure in terms of their capacity. We present in this paper Muffler\textsf{Muffler}, a multi-user PRF built from a random permutation using a full-state sponge with feed-forward, which uses a combination of the user keys and unique user IDs to solve both the problems mentioned by improving the security bounds for multi-user constructions and sponge constructions. For DD construction query blocks and TT permutation queries, with key-size κ=n/2\kappa = n/2 and tag-size τ\tau = n/2n/2 (where nn is the state-size or the size of the underlying permutation), both DD and TT must touch birthday bound in nn in order to distinguish Muffler\textsf{Muffler} from a random function

    Offset-Based BBB-Secure Tweakable Block-ciphers with Updatable Caches

    Get PDF
    A nonce-respecting tweakable blockcipher is the building-block for the OCB authenticated encryption mode. An XEX-based TBC is used to process each block in OCB. However, XEX can provide at most birthday bound privacy security, whereas in Asiacrypt 2017, beyond-birthday-bound (BBB) forging security of OCB3 was shown by Bhaumik and Nandi. In this paper we study how at a small cost we can construct a nonce-respecting BBB-secure tweakable blockcipher. We propose the OTBC-3 construction, which maintains a cache that can be easily updated when used in an OCB-like mode. We show how this can be used in a BBB-secure variant of OCB with some additional keys and a few extra blockcipher calls but roughly the same amortised rate

    Eutetrarhynchid trypanorhynchs (Cestoda) from elasmobranchs off Argentina, including the description of Dollfusiella taminii sp. n. and Parachristianella damiani sp. n., and amended description of Dollfusiella vooremi (São Clemente et Gomes, 1989)

    Get PDF
    During a parasitological survey of teleosts and elasmobranchs in the Argentine Sea, 3 species of eutetrarhynchids were collected from the batoids Myliobatis goodei Garman and Psammobatis bergi Marini, and the shark Mustelus schmitti Springer. The specimens collected from Mu. schmitti were identified as Dollfusiela vooremi (São Clemente et Gomes, 1989), whereas the specimens from My. goodei and Ps. bergi resulted in new species of Dollfusiella Campbell et Beveridge, 1994 and Parachristianella Dollfus, 1946, respectively. Dollfusiella taminii sp. n. from Ps. bergi is characterised by a distinct basal armature with basal swelling and a heteroacanthous homeomorphous metabasal armature with 7–9 falcate hooks per principal row. Parachristianella damiani sp. n. from My. goodei lacks a distinct basal armature, having 2–3 initial rows of uncinate hooks, a heteroacanthous heteromorphous metabasal armature with the first principal row of small hooks, followed by rows with 10–14 large hooks. This is the first record of Parachristianella in the southwestern Atlantic. The amended description of D. vooremi includes the detailed description of the tentacular armature, including SEM micrographs of all tentacular surfaces. This species is characterised by a basal armature consisting of rows of uncinate and falcate hooks, a basal swelling and a metabasal armature with billhooks on the antibothrial surface and uncinate hooks on the bothrial surface. The scolex peduncle of D. vooremi is covered with enlarged spinitriches. This species is restricted to carcharhiniform sharks, since the report of D. vooremi in Sympterygia bonapartii Müller et Henle off Bahía Blanca (Argentina) is dubious.Fil: Menoret, Adriana. Consejo Nacional de Investigaciones Científicas y Técnicas. Oficina de Coordinación Administrativa Ciudad Universitaria. Instituto de Biodiversidad y Biología Experimental y Aplicada. Universidad de Buenos Aires. Facultad de Ciencias Exactas y Naturales. Instituto de Biodiversidad y Biología Experimental y Aplicada; ArgentinaFil: Ivanov, Veronica Adriana. Consejo Nacional de Investigaciones Científicas y Técnicas. Oficina de Coordinación Administrativa Ciudad Universitaria. Instituto de Biodiversidad y Biología Experimental y Aplicada. Universidad de Buenos Aires. Facultad de Ciencias Exactas y Naturales. Instituto de Biodiversidad y Biología Experimental y Aplicada; Argentin

    On Quantum Secure Compressing Pseudorandom Functions

    Get PDF
    In this paper we characterize all 2n2n-bit-to-nn-bit Pseudorandom Functions (PRFs) constructed with the minimum number of calls to nn-bit-to-nn-bit PRFs and arbitrary number of linear functions. First, we show that all two-round constructions are either classically insecure, or vulnerable to quantum period-finding attacks. Second, we categorize three-round constructions depending on their vulnerability to these types of attacks. This allows us to identify classes of constructions that could be proven secure. We then proceed to show the security of the following three candidates against any quantum distinguisher that asks at most 2n/4 2^{n/4} (possibly superposition) queries TNT(x1,x2):=f3(x2f2(x2f1(x1)))LRQ(x1,x2):=f2(x2)f3(x2f1(x1))LRWQ(x1,x2):=f3(f1(x1)f2(x2)). \begin{array}{rcl} \mathsf{TNT}(x_1,x_2) &:=& f_3(x_2 \oplus f_2(x_2 \oplus f_1(x_1)))\\ \mathsf{LRQ}(x_1,x_2) &:=& f_2(x_2) \oplus f_3(x_2 \oplus f_1(x_1))\\ \mathsf{LRWQ}(x_1,x_2) &:=& f_3( f_1(x_1) \oplus f_2(x_2)). \end{array} Note that the first construction is a classically secure tweakable block cipher due to Bao et al., and the third construction is shown to be quantum secure tweakable block cipher by Hosoyamada and Iwata with similar query limits. Of note is our proof framework, an adaptation of Chung et al.\u27s rigorous formulation of Zhandry\u27s compressed oracle technique in indistinguishability setup, which could be of independent interests. This framework gives very compact and mostly classical looking proofs as compared to Hosoyamada and Iwata interpretation of Zhandry\u27s compressed oracle
    corecore