October 4, 2023
Yu Sasaki - NIST/NTT
Tweakable block cipher (TBC), a stronger notion than standard block ciphers, has wide-scale applications in symmetric-key schemes. At a high level, it provides flexibility in design and (possibly) better security bounds. In multi-keyed applications, a TBC with short tweak values can be used to replace multiple keys. However, the existing TBC construction frameworks, including Tweakey and XEX, are designed for general purpose tweak sizes. Specifically, they are not optimized for short tweaks, which might render them inefficient for certain resource constrained applications. So a dedicated paradigm to construct short-tweak TBCs (tBC) is highly desirable. In this paper, as a first contribution, we present a dedicated framework, called the Elastic-Tweak framework (ET in short), to convert any reasonably secure SPN block cipher into a secure tBC. We apply the ET framework on GIFT and AES to construct efficient tBCs, named TweGIFT and TweAES. As our second contribution, we propose a nonce misuse resistant, INT-RUP secure lightweight authenticated cipher ESTATE that uses short-tweak TBC as the underlying primitive. Finally, we show some other applications of ET-based tBCs, which are better than their block cipher counterparts in terms of key size, state size, number of block cipher calls, and short message processing. Some notable applications include, Twe-FCBC (reduces the key size of FCBC, and reduces the state size and the number of block cipher calls of CMAC), Twe-LightMAC_Plus (better rate than LightMAC_Plus), Twe-COLM (reduces the number of block cipher calls and simplifies the design of COLM).
The Third NIST Workshop on Block Cipher Modes of Operation
