International Association for Cryptologic Research


IACR News item: 21 May 2015

Elena Andreeva, Guy Barwell, Dan Page, Martijn Stam
ePrint Report
CAESAR has caused a heated discussion regarding the merits of one-pass encryption and online ciphers. The latter is a keyed, length preserving function which outputs ciphertext blocks as soon as the respective plaintext block is received. The immediacy of an online cipher gives a clear performance advantage, yet it comes at a price. Since ciphertext blocks cannot depend on later plaintext blocks, diffusion and hence security is limited. We show how one can attain the best of both worlds by providing provably secure constructions, achieving full cipher security, based on applying an online cipher and reordering blocks.

Explicitly, we show that with just two calls to the online cipher, security up to the birthday bound is both attainable and maximal. Moreover, we demonstrate that three calls to the online cipher suffice to obtain beyond birthday bound security, and (for suitably long messages) arbitrarily strong security. As part of our investigation, we extend an observation by Rogaway and Zhang, highlighting the close relationship between online ciphers and tweakable blockciphers with variable-length tweaks.
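The following added example (not code from the paper or its authors) makes the two points of the abstract concrete: an online cipher cannot diffuse later plaintext blocks into earlier ciphertext blocks, and a second online-cipher pass after reordering the blocks removes that limitation. It assumes a deterministic CBC-style online cipher with a fixed IV, a toy 4-round Feistel network built from HMAC-SHA256 standing in for a real blockcipher, and a simple reorder (reverse the block order between the two passes) chosen for illustration; the paper's exact construction, its birthday-bound analysis and the three-pass variant are not reproduced here. Keys and messages are constructed sample values.

```python
import hmac
import hashlib

BLOCK = 16  # block size in bytes
HALF = BLOCK // 2


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key: bytes, i: int, half: bytes) -> bytes:
    # Feistel round function: keyed PRF (HMAC-SHA256) truncated to one half-block.
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:HALF]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    # Toy 4-round Feistel PRP (assumption: stands in for a real blockcipher).
    l, r = block[:HALF], block[HALF:]
    for i in range(4):
        l, r = r, _xor(l, _round(key, i, r))
    return l + r


def block_decrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:HALF], block[HALF:]
    for i in reversed(range(4)):
        l, r = _xor(r, _round(key, i, l)), l
    return l + r


def online_encrypt(key: bytes, msg: bytes) -> bytes:
    # CBC with a fixed all-zero IV: a length-preserving online cipher. Ciphertext
    # block i depends only on plaintext blocks 1..i, so it is emitted as soon as
    # block i arrives; it cannot depend on anything that comes later.
    assert len(msg) % BLOCK == 0
    prev, out = bytes(BLOCK), []
    for i in range(0, len(msg), BLOCK):
        prev = block_encrypt(key, _xor(msg[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def online_decrypt(key: bytes, ct: bytes) -> bytes:
    prev, out = bytes(BLOCK), []
    for i in range(0, len(ct), BLOCK):
        c = ct[i:i + BLOCK]
        out.append(_xor(block_decrypt(key, c), prev))
        prev = c
    return b"".join(out)


def reverse_blocks(data: bytes) -> bytes:
    blocks = [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]
    return b"".join(reversed(blocks))


def two_pass_encrypt(k1: bytes, k2: bytes, msg: bytes) -> bytes:
    # Assumed construction for illustration: first pass, reverse the block order,
    # second pass under an independent key. The last block of pass one already
    # depends on the whole message; reversing puts it first, so every block of
    # pass two depends on every plaintext block.
    return online_encrypt(k2, reverse_blocks(online_encrypt(k1, msg)))


def two_pass_decrypt(k1: bytes, k2: bytes, ct: bytes) -> bytes:
    return online_decrypt(k1, reverse_blocks(online_decrypt(k2, ct)))


def differing_blocks(a: bytes, b: bytes) -> int:
    # Number of block positions at which two equal-length ciphertexts differ.
    return sum(a[i:i + BLOCK] != b[i:i + BLOCK] for i in range(0, len(a), BLOCK))


# Constructed sample keys and messages (not from the paper).
K1 = b"example-key-one-for-pass-1"
K2 = b"example-key-two-for-pass-2"
M1 = b"A" * BLOCK + b"B" * BLOCK + b"C" * BLOCK
M2 = b"A" * BLOCK + b"B" * BLOCK + b"D" * BLOCK   # same first two blocks as M1


def diffusion_report() -> dict:
    # Online cipher: only the third ciphertext block differs, leaking the shared
    # two-block prefix. Two-pass construction: all three blocks differ.
    online = differing_blocks(online_encrypt(K1, M1), online_encrypt(K1, M2))
    two_pass = differing_blocks(two_pass_encrypt(K1, K2, M1),
                                two_pass_encrypt(K1, K2, M2))
    return {"online": online, "two_pass": two_pass}


if __name__ == "__main__":
    print(diffusion_report())
```

The count for the two-pass case is not a probabilistic coincidence: because the blockcipher is a permutation, the differing last block of pass one becomes the first input of pass two and differs, and each later pass-two block XORs a differing previous ciphertext block into an identical plaintext block, so every output differs. This shows the diffusion argument only; the birthday-bound security claim in the abstract rests on the paper's proof, not on this toy.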
