Project Details

RAC: Robust Authenticated Ciphers

Subject Area: Security and Dependability, Operating, Communication and Distributed Systems
Term: 2018 to 2023
Project identifier: Deutsche Forschungsgemeinschaft (DFG) - Project number 411725237

Final Report Year: 2024

Final Report Abstract

All our results have been published at peer-reviewed conferences or in peer-reviewed journals.

The Oribatida mode for authenticated encryption has been proposed. It is provably secure even if unverified plaintexts are released (release of unverified plaintext, RUP).

The TEDT2 mode for authenticated encryption has been proposed. TEDT2 is an improvement over the TEDT mode; its biggest advantage over TEDT is beyond-birthday security, even under leakage.

The "implicit key-stretching" (iks) aspect of encryption modes has been studied. If an encrypted message has length m, one can hope that an adversary needs Ω(m) units of time to rule out each wrong key candidate. If so, we regard this as implicit key-stretching by log2(m) bit. We considered all common AE cryptosystems, from very simple online ciphers, for which key-stretching cannot be expected, up to 3-pass modes, which we expected to provide implicit key-stretching. As it turned out, none of the cryptosystems we studied provided implicit key-stretching: all of them allowed the adversary to reject a wrong key in time O(1). For some of the 3-pass modes, however, a minor modification turns them into cryptosystems with implicit key-stretching.

The block cipher Pholkos has been proposed. Pholkos is a family of tweakable block ciphers with state and key sizes ≥ 256 bit and tweaks between 128 and 256 bit. Even though the block size of Pholkos is much larger than the 128-bit block size of the AES, an efficient implementation of Pholkos greatly benefits from the AES instructions on modern CPUs. Depending on the specific CPU, the performance of Pholkos is between one and two cycles per byte.

Tweak-aNd-Tweak (TNT) is a provably secure tweakable block cipher construction. Initially, the best known attack required O(2^n) units of time, data and storage, and the best known lower bound was 2n/3-bit security. In the context of the project, this gap has been closed up to a remaining factor of √n: a new attack runs in time O(√n · 2^{3n/4}), and a new lower bound establishes 3n/4-bit security.

Other results from the project include the security of the ForkAES forkcipher, new results for reduced-round AES, the design and analysis of several beyond-birthday-secure MACs, and an encryption mode that also provides beyond-birthday security.
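The implicit key-stretching accounting described above can be made concrete by counting the work a brute-force attacker spends per wrong key candidate. The following is an added illustration, not code from the project and not any of the modes it studied: two constructed toy modes built from HMAC-SHA256 as a stand-in block function. The first is an SIV-like two-pass mode whose synthetic IV is sent in the clear; an attacker who knows one plaintext block decrypts that block under each candidate key and rejects wrong keys with a single PRF call, regardless of the message length m. The second masks the IV with a keyed chain over the entire ciphertext, so no block can be decrypted before all m ciphertext blocks have been processed, and rejecting a wrong key costs m+2 PRF calls. The scheme names, domain-separation bytes and counting harness are all assumptions of this example.

```python
"""Constructed toy models for the implicit key-stretching (iks) accounting
above: count the PRF calls a brute-force attacker spends per wrong key
candidate.  Illustrative modes only, not the project's constructions."""
import hashlib
import hmac
import os

BLOCK = 16


class CountingPRF:
    """HMAC-SHA256 truncated to one block, standing in for a keyed block
    function.  Counts invocations so brute-force cost can be measured."""

    def __init__(self) -> None:
        self.calls = 0

    def __call__(self, key: bytes, data: bytes) -> bytes:
        self.calls += 1
        return hmac.new(key, data, hashlib.sha256).digest()[:BLOCK]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def blocks(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def chained_mac(prf: CountingPRF, key: bytes, data: bytes, domain: bytes) -> bytes:
    """CBC-MAC-style chain: every one of the m blocks costs one PRF call."""
    state = bytes(BLOCK)
    for blk in blocks(data):
        state = prf(key, domain + xor(state, blk))
    return state


def ctr_block(prf: CountingPRF, key: bytes, iv: bytes, i: int) -> bytes:
    return prf(key, b"\x02" + iv + i.to_bytes(4, "big"))


def siv_encrypt(prf, key, plaintext):
    """SIV-like two-pass mode: IV = MAC(P), sent in clear; CTR keystream from IV."""
    iv = chained_mac(prf, key, plaintext, b"\x01")
    ct = b"".join(xor(p, ctr_block(prf, key, iv, i)) for i, p in enumerate(blocks(plaintext)))
    return iv, ct


def siv_reject_wrong_key(prf, cand, iv, ct, known_p0):
    """Attacker knowing P_0 decrypts block 0 under the candidate: one PRF call,
    independent of m, suffices to reject a wrong key (no key stretching)."""
    return xor(ct[:BLOCK], ctr_block(prf, cand, iv, 0)) != known_p0


def stretched_encrypt(prf, key, plaintext):
    """Modified three-pass mode: the IV is masked with a keyed chain over the
    whole ciphertext, so recovering it under any candidate costs m+1 PRF calls."""
    iv, ct = siv_encrypt(prf, key, plaintext)
    mask = prf(key, b"\x03" + chained_mac(prf, key, ct, b"\x04"))
    return xor(iv, mask), ct


def stretched_reject_wrong_key(prf, cand, masked_iv, ct, known_p0):
    """No block can be decrypted before the full ciphertext has been processed."""
    iv = xor(masked_iv, prf(cand, b"\x03" + chained_mac(prf, cand, ct, b"\x04")))
    return siv_reject_wrong_key(prf, cand, iv, ct, known_p0)


def cost_per_wrong_key(mode: str, m_blocks: int, trials: int = 16) -> float:
    """Average PRF calls per wrong key candidate for mode "siv" or "stretched"."""
    prf = CountingPRF()
    key, plaintext = os.urandom(16), os.urandom(BLOCK * m_blocks)  # constructed sample
    p0 = plaintext[:BLOCK]
    if mode == "siv":
        iv, ct = siv_encrypt(prf, key, plaintext)
        reject = lambda cand: siv_reject_wrong_key(prf, cand, iv, ct, p0)
    else:
        iv, ct = stretched_encrypt(prf, key, plaintext)
        reject = lambda cand: stretched_reject_wrong_key(prf, cand, iv, ct, p0)
    prf.calls = 0  # count only the attacker's work, not the encryption
    for _ in range(trials):
        if not reject(os.urandom(16)):  # a false accept has probability about 2^-128
            raise RuntimeError("wrong key accepted")
    return prf.calls / trials


if __name__ == "__main__":
    import math
    m = 64
    plain, stretched = cost_per_wrong_key("siv", m), cost_per_wrong_key("stretched", m)
    print(f"m={m}: {plain:.0f} PRF calls per candidate vs {stretched:.0f}; "
          f"implicit stretching ~{math.log2(stretched / plain):.1f} bit (log2 m = {math.log2(m):.0f})")
```

With m = 64 blocks the unmodified toy costs 1 PRF call per wrong key and the modified one 66, a factor of roughly m, i.e. about log2(m) = 6 bit of implicit stretching. The point the toy makes is that authenticity checks alone do not help: a known plaintext block is a valid key test as soon as any single block can be decrypted independently of the rest, so key stretching requires that the keystream or mask for every block depend, under the key, on the whole ciphertext. The toy says nothing about how the real modes studied in the project behave beyond what the report states.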
