June 21, 2024
Christoph Dobraunig - Intel Labs
A tweakable wide blockcipher is a construction which behaves in the same way as a tweakable blockcipher, with the difference that the actual block size is flexible. Due to this feature, a tweakable wide blockcipher can be directly used as a strong encryption scheme that provides full diffusion when encrypting plaintexts to ciphertexts and vice versa. Furthermore, it can be the basis of authenticated encryption schemes fulfilling the strongest security notions. In this paper, we present three instantiations of the docked double decker tweakable wide blockcipher: ddd-AES, ddd-AES+, and bbb-ddd-AES. These instances exclusively use similar building blocks as AES-GCM (AES and finite field multiplication), are designed for maximal parallelism, and hence, can make efficient use of existing hardware accelerators. ddd-AES is a birthday bound secure scheme, and ddd-AES+ is an immediate generalization to allow for variable length tweaks. bbb-ddd-AES achieves security beyond the birthday bound provided that the same tweak is not used too often. Moreover, bbb-ddd-AES builds upon a novel conditionally beyond birthday bound secure pseudorandom function, a tweakable variant of the XOR of permutations, facilitating in the need to include a tweak in the AES evaluations without sacrificing flexibility in docked double decker. We furthermore introduce an authenticated encryption mode aaa specifically tailored to be instantiated with ddd-AES and bbb-ddd-AES, where special attention is given to how the nonce and associated data can be processed. We prove that this mode is secure in the nonce-respecting setting, in the nonce-misuse setting, as well as in the setting where random nonces are used.
Workshop on the Requirements for an Accordion Cipher Mode 2024