Length-Preserving Encryption Based On Single-key Tweakable Block Cipher

This paper studies mode of operation for block cipher to design a more efficient variable length input(VIL)cipher.Block cipher is an important branch of cryptography.The implemen-tation for its encryption and decryption is relatively simple,so block cipher has been widely used in the field of information security.AES(Rijndael algorithm)is a typical block cipher,which is the advanced encryption standard of the United States federal government,and has been widely used in the world.The application of AES ranges from email encryption to money transferation,which are closely related to our life.The concept of tweakable block ciphers was introduced in 2002.Tweakable block cipher takes a parameter"tweak"other than plaintext P and secret key K.The function of parameter"tweak"is similar to initialization vectors or"nonce"in some other ciphers,giving tweakable block ciphers more flexibility.The design of mode of operation for block cipher is one significant research of symmetric cryptography.Since block ciphers can only process messages of a fixed length,we must iterate block ciphers to process messages larger than the block length.The iterative approach is called “mode of operation”.There are many modes of operation for block cipher,such as counter(CTR)mode,ciphertext feedback(CFB)mode and cipher block chaining(CBC)mode.A simple iteration of block cipher can only handle messages of length of multiple of block size,and if the message length to be encrypted is not multiple of block size,a new mode of operation is needed.In some cases,cipher schemes must satisfy the rule required by some confidential applications that the length of ciphertexts must remain the same to the plaintext.A cipher is a family of keyed permutation,which includes encryption algorithm and decryption algorithm.Ciphers are often referred to as"encryption schemes".Compared with many other primitives,such as message authentication code(MAC)and signature,building a variable length input(VIL)scheme from a fixed input length(FIL)scheme such as block ciphers is not so easy.So far,some schemes have been put forward one after another.Many methods(such as HEH construction?EME construction,EME~*construction?TETconstruction,etc.)are proposed with the idea of ciphertext stealing,and some other solutions are built with a pseudo-random function based on the counter,For example XCB construction?HCTR construction and HCH construction.However,these constructions are dedicated designs and cannot be directly applied to the existing mode of operation for block cipher.Later Ristenpart and Rogaway's XLS construction built a encryption algorithm based on block cipher which can process messages of length of[n,...,2n-1].This kind of variable length input(VIL)ciphers,which can handle messages from n to 2n-1,is of interest to many cryptographers.They doubles the space size of the message that can be processed,so it's called"length doubler".Unfortunately,the XLS construction has been proved not secure.Nandi has also put forward his construction DE.In 2012,Haibin Zhang presented the HEM construction and the THEM construction and it is for the first time to introduce a“'tweak'in length doubler.In 2018,Chen et al.proposed a new length doubler–"LDT"in a paper published on FSE.LDT uses the tweakable block cipher as the underlying cipher for the first time,which greatly inspired our research.We present a Single-key Length Doubler built on an n-bit Tweakable block cipher(SLDT),which is a length-preserving cipher on the strings with bit length in integer inter-val[n,n+1,...,2n-1].SLDT is mainly motivated to reduce the key material size of a length doubler proposed by Chen et al.at FSE2018,since the key management is always challenging in practice.We prove that SLDT is a strong pseudo-random permutation(SPRP)if the underlying tweakable block cipher is SPRP.