We present two tweakable wide block cipher modes from doubly-extendable cryptographic keyed (deck) functions and a keyed hash function: double-decker and docked-double-decker. Double-decker is a direct generalization of Farfalle-WBC of Bertoni et al. (ToSC 2017(4)), and is a four-round Feistel network on two arbitrarily large branches, where the middle two rounds call deck functions and the first and last rounds call the keyed hash function. Docked-double-decker is a variant of doubledecker where the bulk of the input to the deck functions is moved to the keyed hash functions. As a consequence, the size of the inputs of the deck functions are constant and can be conceptually seen as stream ciphers. Concretely, docked-double-decker can be instantiated using the same primitives as Adiantum, without using any block cipher, arguably having a slightly more efficient design and being more secure in certain settings.
The Third NIST Workshop on Block Cipher Modes of Operation 2023
Starts: October 03, 2023National Cybersecurity Center of Excellence (NCCoE) 9700 Great Seneca Highway Rockville, MD 20850
Security and Privacy: encryption