Abstract
A common trend in applications of block ciphers over the past decades has been to employ block ciphers as one piece of a “mode of operation”—possibly, a way to make a secure symmetric-key cryptosystem, but more generally, any cryptographic application. Most of the time, these modes of operation use a wide variety of techniques to achieve a subgoal necessary for their main goal: instantiation of “essentially different” instances of the block cipher.
We formalize a cryptographic primitive, the “tweakable block cipher.” Such a cipher has not only the usual inputs—message and cryptographic key—but also a third input, the “tweak.” The tweak serves much the same purpose that an initialization vector does for CBC mode or that a nonce does for OCB mode. Our abstraction brings this feature down to the primitive block-cipher level, instead of incorporating it only at the higher modes-of-operation levels. We suggest that (1) tweakable block ciphers are easy to design, (2) the extra cost of making a block cipher “tweakable” is small, and (3) it is easier to design and prove the security of applications of block ciphers that need this variability using tweakable block ciphers.
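The abstract describes the tweakable interface, a cipher that takes key, tweak and message, without showing a construction. The block below is an added example, not code from the paper: it wraps an ordinary block cipher by XORing a secret, tweak-dependent mask onto the block before and after encryption, so each tweak selects a different permutation under one key, while the tweak itself (here a sector index) stays public like an IV or nonce. The 16-byte Feistel cipher with HMAC-SHA256 round functions and the HMAC-based tweak hash are stand-ins chosen to keep it standard-library only; the 32-byte key split and the sector encoding are assumptions of this example.

```python
import hashlib
import hmac

BLOCK = 16  # 128-bit block size, assumed for this example

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _prf(key: bytes, label: bytes, data: bytes) -> bytes:
    """Keyed PRF (HMAC-SHA256) with a domain-separation label."""
    return hmac.new(key, label + data, hashlib.sha256).digest()

def block_encrypt(key: bytes, block: bytes, rounds: int = 4) -> bytes:
    """Stand-in block cipher: a 4-round Luby-Rackoff Feistel network over
    two 8-byte halves, with HMAC-SHA256 as the keyed round function."""
    assert len(block) == BLOCK
    left, right = block[:8], block[8:]
    for r in range(rounds):
        left, right = right, _xor(left, _prf(key, b"round%d" % r, right)[:8])
    return left + right

def block_decrypt(key: bytes, block: bytes, rounds: int = 4) -> bytes:
    """Inverse of block_encrypt: undo the rounds in reverse order."""
    assert len(block) == BLOCK
    left, right = block[:8], block[8:]
    for r in reversed(range(rounds)):
        left, right = _xor(right, _prf(key, b"round%d" % r, left)[:8]), left
    return left + right

def tweak_encrypt(key: bytes, tweak: bytes, block: bytes) -> bytes:
    """Tweakable encryption E~_K(T, M): the 32-byte key splits into a cipher
    key and a hash key (assumed layout); the tweak hash masks both input and
    output, so every tweak value yields a distinct permutation under one key."""
    assert len(key) == 2 * BLOCK
    mask = _prf(key[BLOCK:], b"tweak", tweak)[:BLOCK]
    return _xor(block_encrypt(key[:BLOCK], _xor(block, mask)), mask)

def tweak_decrypt(key: bytes, tweak: bytes, block: bytes) -> bytes:
    """Tweakable decryption: same mask, inverse cipher. The tweak is public
    but must be supplied exactly as it was at encryption time."""
    assert len(key) == 2 * BLOCK
    mask = _prf(key[BLOCK:], b"tweak", tweak)[:BLOCK]
    return _xor(block_decrypt(key[:BLOCK], _xor(block, mask)), mask)

def sector_tweak(sector: int) -> bytes:
    """Encode a disk-sector number as the tweak (constructed convention)."""
    return sector.to_bytes(8, "big")
```

Encrypting the same block under sectors 0 and 1 gives unrelated ciphertexts, and decrypting with the wrong sector number does not recover the plaintext.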
Communicated by Mihir Bellare
Rights and permissions
Open Access This is an open access article distributed under the terms of the Creative Commons Attribution Noncommercial License (https://creativecommons.org/licenses/by-nc/2.0), which permits any noncommercial use, distribution, and reproduction in any medium, provided the original author(s) and source are credited.
Cite this article
Liskov, M., Rivest, R.L. & Wagner, D. Tweakable Block Ciphers. J Cryptol 24, 588–613 (2011). https://doi.org/10.1007/s00145-010-9073-y