Bridging Theory And Practice : Cryptanalysis And Design Of Tweakable Blockcipher

Symmetric cryptography is one of the two major branches of modern cryptography.Although it has been widely used in recent years,it is also in the face of increasing challenges.The main challenges include the relatively low algorithm security parameters in lightweight application scenarios in pursuit of high-security algorithms,the widely-used authentication and encryption algorithms in network protocols as one of symmetric cryptographic algorithms which are the most complex and difficult to design,and the high cost for replacing standard symmetric cryptographic algorithms with numerous security flaws.Due to these issues,it is necessary to take into consideration both theoretical security and practical security in designing symmetric cryptographic algorithms.In general,it takes two steps in designing a symmetric cryptographic algorithm: firstly,an underlying component with a fixed input length is designed;secondly,a mode of operation will be designed to process data of any length by iterating the underlying component.To prove this design,we first assume that the underlying component is ideally secure.Then we will prove that the mode of operation is secure,thereby reducing the security risk to the underlying component.Tweakable blockcipher,as an underlying component of symmetric cryptographic algorithm,can provide a more concise design mode with higher security for the mode of operation with the aid of tweak,and the design of tweakable blockcipher is more and more in line with practical application.Considering that the underlying component with weaker security is more economical and easier to realize in real scenarios and that a “robust” trend is identified in the provable security theory,the academic community is guided to take into consideration both theoretical security and practical security,and use the underlying component with the same security or even weaker security to analyze and design the higher-level mode of operation.As a result,the research on the unpredictability of security which is obviously weaker than pseudo-randomness has emerged.Based on the unpredictable underlying blockcipher,this paper is devoted to the cryptanalysis and design of tweakable blockcipher.The results of the systematic and in-depth research are as follows:1.Security analysis on unpredictable TIK-tweakable blockcipher.The tweak-independent key(TIK)is a common feature of the early-proposed tweakable blockciphers.This type of tweakable blockcipher has the advantages of simple structure and easy realization,but its security level is low.All the constructions will stop at the birthday-bound security in standard model.Firstly,a generic model of TIK-tweakable blockcipher is proposed.After analyzing the security risk of the generic model and revisiting research of predictable TIK tweakable blockciphers before,we carry out the investigation into all existing TIK-tweakable blockciphers,and construct special and unpredictable underlying blockciphers.It is found that none of the existing TIK-tweakable blockciphers can preserve unpredictable.In particular,an attack method aimed at the unpredictability of the tweakable blockcipher CLRW2 is found,thus solving a public problem raised at CRYPTO2012.2.Security analysis of unpredictable TDK-tweakable blockcipher.In order to improve the structural complexity and security,researchers gradually adopted a tweak-dependent key(TDK)to construct tweakable blockcipher with higher security in ideal model.Under the assumption of unpredictability,we carry out attacks on the specific structures of TDK-tweakable blockcipher with the beyond-birthday-bound security and optimal security in ideal model.The results show that most TDK-tweakable blockciphers can not preserve unpredictable if given the unpredictable underlying blockcipher.3.Provable security and improved design of unpredictable tweakable blockcipher.Three types of secure structures are found in TDKtweakable blockciphers.In order to meet the actual needs of symmetric cryptographic algorithms in lightweight application scenarios,we find it necessary to design unpredictable TIK-tweakable blockciphers with a lower cost.By modifying the generic model and changing the specific form of tweak generation function,we successfully design the first unpredictable TIK-tweakable blockcipher.With reduction and Game-playing technology,we prove the security of these tweakable blockciphers that can preserve unpredictable under the assumption of unpredictable underlying blockcipher.4.Design of message authentication code based on unpredictable tweakable blockcipher.The unpredictable tweakable blockcipher can be used to design the mode of operation in practice.Focusing on security and efficiency,we use the obtained unpredictable TIK-tweakable blockcipher as the underlying component and design a message authentication code with a single key.We also rely on the idea of reduction to prove that the message authentication code is secure when the underlying tweakable blockcipher is unpredictable.