Questions tagged [tweakable-cipher]
A block cipher is a family of permutations where the key selects a particular permutation from that family. With a tweakable block cipher, both the key and the tweak are used to select a permutation. So tweak and key are related.
43 questions
2 votes
0 answers
43 views
Practical applications of a block cipher tweak input
To my mind, there are two go-to uses for a tweak input for a block cipher or mode of operation: A counter to make each block in a sequence of message blocks encrypt differently. A counter for a ...
1 vote
0 answers
35 views
Can QCB Quantum-Secure Authentication Mode be modified to output intermediate tags?
The QCB Efficient Quantum-Secure Authentication Encryption mode is based on a tweak block cipher. It processes a key, iv, associated data, and plaintext data into ciphertext data and a message ...
0 votes
0 answers
62 views
What are the security implications of having inverse_sbox -> XOR tweak -> forward_sbox?
I have an application in mind that requires only the 32-bit sub-permutation from AES [x86; AESENC] (but skip shift rows step) but it turns out that the transposition step to undo shift rows (x86; ...
0 votes
0 answers
27 views
Security bound of a simple tweakable block cipher mode
This is for understanding when the birthday bound applies in block cipher modes. Suppose that $E(K, X)$/$D(K, X)$ is a block cipher. $T=T_0||T_1||T_2||T_3$ is a tweak value that is twice the ...
1 vote
0 answers
65 views
Tweakable Block Ciphers, Nonces and KDF Key Schedules
What is the point of having dedicated tweakable block ciphers in lieu of XEX which does the same? Does this have something to do with why no one uses XEX with a simple counter? The tweak schedule is ...
1 vote
0 answers
41 views
Advantages, Disadvantages, and Specific Use Cases of Duplex Construction and Tweakable AEAD
I understand the operational mechanisms of Duplex construction and tweakable Authenticated Encryption as used in AEAD schemes. I am interested in a comparative analysis of these cryptographic ...
0 votes
0 answers
50 views
How to securely modify the NIST SPECK block cipher into a tweak block cipher without using tweak block modes?
I have a functioning implementation of the NIST SPECK block cipher that I wish to modify to support a tweak. While I am aware that there are a number of papers proposing secure methods of turning a ...
3 votes
2 answers
194 views
What are advantages/disadvantages of an invertible tweak schedule in a tweakable block cipher?
I have been doing research on a tweakable block cipher called BipBip. This is a rather niche cipher so I'll give a few facts about it for background before asking my question: The structure is based ...
3 votes
1 answer
172 views
Can the Threefish tweak block cipher have its fixed 128 bit tweak size extended to match the block size (256/512/1024)
The Threefish tweak block cipher has a fixed size tweak (128 bits) and three different possible key/block sizes (256/512/1024 bits). The MCOE on-line authenticated encryption mode presents three ...
1 vote
1 answer
95 views
Can MCOE AEAD mode be modified to work with Threefish tweak block cipher and generate intermediate tags
The MCOE mode provides a really nice way to implement a nonce-misuse resistant AEAD and is based on an arbitrary tweak block cipher. A specific requirement of the tweak block cipher is that the data ...
3 votes
1 answer
333 views
Why doesn't ChaCha use a 512-bit key and xor parameters into it?
ChaCha has clear delineations between key, nonce, counter and constants. What is the reason for not using a XEX-like ($k=0$) approach such that the ChaCha key is 512 bits and all the other things are ...
2 votes
1 answer
155 views
Is the XOR of two block ciphers still a block cipher?
Let's say I have a block cipher $E: K \times M \rightarrow C$. Is the function defined by $\operatorname{Enc}(k_1,k_2,m) = E(k_1, m)\ \operatorname{XOR}\ E(k_2,m)$ guaranteed to have an inverse ...
1 vote
0 answers
150 views
Proving Security of a Tweakable Block Cipher in CBC Mode (Threefish)
I want to prove the security of a Tweakable Block Cipher in CBC Mode. How does one prove the security of a Tweakable block cipher (i.e. Threefish) in CBC mode with a random IV and a constant (public) ...
2 votes
0 answers
81 views
LibTomCrypt Documentation on LRW Mode/Tweakable Block Cipher - Apparent Contradiction?
In the LRW mode discussion on page 34/161 of the LibTomCrypt manual, available here for example https://opensource.apple.com/source/CommonCrypto/CommonCrypto-55010/Source/libtomcrypt/doc/...
3 votes
1 answer
140 views
Backdoor Designer Key Recovery in LowMC-M
The paper https://eprint.iacr.org/2020/986.pdf proposed a framework for embedding a malicious backdoor in LowMC cipher, that will later help the designer to recover the secret key in the known-...