International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Paper: On the Security of Sponge-type Authenticated Encryption Modes

Authors:
Bishwajit Chakraborty , Indian Statistical Institute, Kolkata, India
Ashwin Jha , Indian Statistical Institute, Kolkata, India
Mridul Nandi , Indian Statistical Institute, Kolkata, India
Download:
DOI: 10.13154/tosc.v2020.i2.93-119
URL: https://tosc.iacr.org/index.php/ToSC/article/view/8670
Search ePrint
Search Google
Abstract: The sponge duplex is a popular mode of operation for constructing authenticated encryption schemes. In fact, one can assess the popularity of this mode from the fact that around 25 out of the 56 round 1 submissions to the ongoing NIST lightweight cryptography (LwC) standardization process are based on this mode. Among these, 14 sponge-type constructions are selected for the second round consisting of 32 submissions. In this paper, we generalize the duplexing interface of the duplex mode, which we call Transform-then-Permute. It encompasses Beetle as well as a new sponge-type mode SpoC (both are round 2 submissions to NIST LwC). We show a tight security bound for Transform-then-Permute based on b-bit permutation, which reduces to finding an exact estimation of the expected number of multi-chains (defined in this paper). As a corollary of our general result, authenticated encryption advantage of Beetle and SpoC is about T(D+r2r)/2b where T, D and r denotes the number of offline queries (related to time complexity of the attack), number of construction queries (related to data complexity) and rate of the construction (related to efficiency). Previously the same bound has been proved for Beetle under the limitation that T << min{2r, 2b/2} (that compels to choose larger permutation with higher rate). In the context of NIST LwC requirement, SpoC based on 192-bit permutation achieves the desired security with 64-bit rate, which is not achieved by either duplex or Beetle (as per the previous analysis).
Video from TOSC 2020
BibTeX
@article{tosc-2020-30539,
  title={On the Security of Sponge-type Authenticated Encryption Modes},
  journal={IACR Transactions on Symmetric Cryptology},
  publisher={Ruhr-Universit├Ąt Bochum},
  volume={2020, Issue 2},
  pages={93-119},
  url={https://tosc.iacr.org/index.php/ToSC/article/view/8670},
  doi={10.13154/tosc.v2020.i2.93-119},
  author={Bishwajit Chakraborty and Ashwin Jha and Mridul Nandi},
  year=2020
}