International Association for Cryptologic Research


CryptoDB

Cascading Four Round LRW1 is Beyond Birthday Bound Secure

Authors:
Nilanjan Datta , Institute for Advancing Intelligence, TCG CREST, Kolkata, India
Shreya Dey , Institute for Advancing Intelligence, TCG CREST, Kolkata, India; Ramakrishna Mission Vivekananda Educational and Research Institute, India
Avijit Dutta , Institute for Advancing Intelligence, TCG CREST, Kolkata, India
Sougata Mandal , Institute for Advancing Intelligence, TCG CREST, Kolkata, India; Ramakrishna Mission Vivekananda Educational and Research Institute, India
Download:
DOI: 10.46586/tosc.v2023.i4.365-390
URL: https://tosc.iacr.org/index.php/ToSC/article/view/11293
Abstract: In CRYPTO’02, Liskov et al. introduced the concept of a tweakable block cipher, a novel symmetric-key primitive with promising applications. They put forth two constructions for designing such tweakable block ciphers from conventional block ciphers: LRW1 and LRW2. While subsequent efforts extended LRW2 to achieve security beyond the birthday bound (e.g., cascaded LRW2 in CRYPTO’12 by Landecker et al.), the extension of LRW1 remained unexplored until Bao et al.’s work in EUROCRYPT’20, which considered cascaded LRW1 (CLRW1), a one-round extension of LRW1 obtained by masking the LRW1 output with the given tweak and re-encrypting it with the same block cipher. They showed that CLRW1 offers security up to 2^{2n/3} queries. However, this result was challenged by Khairallah’s recent birthday-bound distinguishing attack on cascaded LRW1, effectively refuting the security claim of Bao et al. Consequently, a pertinent research question emerges: how many rounds of cascaded LRW1 are required to obtain security beyond the birthday bound? This paper addresses this question by establishing that cascading LRW1 for four rounds suffices to ensure security beyond the birthday bound. Specifically, we demonstrate that 4 rounds of CLRW1 guarantee security for up to 2^{3n/4} queries, where n is the block size of the underlying block cipher. Our security analysis is based on recent advancements in the mirror theory technique for tweakable random permutations, operating within the framework of the Expectation Method.
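The constructions the abstract describes, as an added worked example in Python (this is not code from the paper or its authors): a generic r-call cascaded LRW1 built from a block cipher, with LRW1 as the two-call instance and the four-round cascade as the four-call instance, together with its inverse. The block cipher is a toy 64-bit Feistel network keyed through SHA-256, constructed here only so that the example runs offline; it carries no security claim, and the real construction uses a standard n-bit block cipher. Two further points are assumptions of this example rather than statements taken from the paper: each block-cipher call is independently keyed, and a "round" is counted as one block-cipher call, so that Bao et al.’s CLRW1 corresponds to a key list of length three and the paper’s four-round cascade to one of length four. The sample keys, tweak and message are constructed values, not test vectors.

```python
"""Toy implementation of r-call cascaded LRW1 (added example, not the paper's code).

    CLRW1^r[K_1..K_r](T, M) = E_{K_r}(T xor E_{K_{r-1}}(T xor ... E_{K_2}(T xor E_{K_1}(M))))

Assumptions (not taken from the paper): calls are independently keyed and a
"round" is one block-cipher call, so r=2 is LRW1, r=3 is Bao et al.'s CLRW1
and r=4 is the four-round cascade of the paper. The block cipher below is a
hypothetical 64-bit Feistel toy so the example runs offline; it is not secure.
"""
import hashlib
from typing import Sequence

BLOCK_BITS = 64
HALF_BITS = BLOCK_BITS // 2
HALF_MASK = (1 << HALF_BITS) - 1
FEISTEL_ROUNDS = 8


def _feistel_f(key: bytes, rnd: int, half: int) -> int:
    """Hypothetical round function: SHA-256 of (key, round index, half block), truncated to 32 bits."""
    digest = hashlib.sha256(key + bytes([rnd]) + half.to_bytes(4, "big")).digest()
    return int.from_bytes(digest[:4], "big")


def toy_encrypt(key: bytes, block: int) -> int:
    """Toy 64-bit block cipher E_K (Feistel network); stands in for an n-bit block cipher."""
    left, right = block >> HALF_BITS, block & HALF_MASK
    for rnd in range(FEISTEL_ROUNDS):
        left, right = right, left ^ _feistel_f(key, rnd, right)
    return (left << HALF_BITS) | right


def toy_decrypt(key: bytes, block: int) -> int:
    """Inverse of toy_encrypt: run the Feistel rounds backwards."""
    left, right = block >> HALF_BITS, block & HALF_MASK
    for rnd in reversed(range(FEISTEL_ROUNDS)):
        left, right = right ^ _feistel_f(key, rnd, left), left
    return (left << HALF_BITS) | right


def cascaded_lrw1_encrypt(keys: Sequence[bytes], tweak: int, msg: int) -> int:
    """r-call cascaded LRW1: encrypt once, then repeatedly XOR the tweak in and re-encrypt."""
    if len(keys) < 2:
        raise ValueError("cascaded LRW1 needs at least two block-cipher calls")
    state = toy_encrypt(keys[0], msg)
    for key in keys[1:]:
        state = toy_encrypt(key, state ^ tweak)
    return state


def cascaded_lrw1_decrypt(keys: Sequence[bytes], tweak: int, ct: int) -> int:
    """Inverse: peel the calls off from the outside in, removing the tweak after each."""
    state = ct
    for key in reversed(keys[1:]):
        state = toy_decrypt(key, state) ^ tweak
    return toy_decrypt(keys[0], state)


def lrw1_encrypt(k1: bytes, k2: bytes, tweak: int, msg: int) -> int:
    """Plain LRW1, E_{K2}(T xor E_{K1}(M)), is the two-call instance of the cascade."""
    return cascaded_lrw1_encrypt([k1, k2], tweak, msg)


# Constructed sample keys, tweak and message for illustration (not real test vectors).
SAMPLE_KEYS = [b"key-1", b"key-2", b"key-3", b"key-4"]
SAMPLE_TWEAK = 0x0123456789ABCDEF
SAMPLE_MSG = 0xDEADBEEFCAFEF00D


def roundtrip_ok(calls: int) -> bool:
    """Decryption inverts encryption for the first `calls` sample keys."""
    keys = SAMPLE_KEYS[:calls]
    ct = cascaded_lrw1_encrypt(keys, SAMPLE_TWEAK, SAMPLE_MSG)
    return cascaded_lrw1_decrypt(keys, SAMPLE_TWEAK, ct) == SAMPLE_MSG


def tweak_separates(calls: int) -> bool:
    """Distinct tweaks select distinct permutations (holds except with probability about 2^-64)."""
    keys = SAMPLE_KEYS[:calls]
    return (cascaded_lrw1_encrypt(keys, SAMPLE_TWEAK, SAMPLE_MSG)
            != cascaded_lrw1_encrypt(keys, SAMPLE_TWEAK ^ 1, SAMPLE_MSG))


if __name__ == "__main__":
    for r in (2, 3, 4):
        print(f"{r}-call cascade: roundtrip={roundtrip_ok(r)} tweak_separates={tweak_separates(r)}")
```

The example shows only the shape of the construction, not its security: the paper’s 2^{3n/4} bound is a statement about the four-call cascade over an ideal n-bit block cipher, and nothing here about the toy Feistel network, the independent keying or the round-counting convention should be read back into the paper.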
BibTeX
@article{tosc-2023-33693,
  title={Cascading Four Round LRW1 is Beyond Birthday Bound Secure},
  journal={IACR Transactions on Symmetric Cryptology},
  publisher={Ruhr-Universität Bochum},
  volume={2023 No. 4},
  pages={365-390},
  url={https://tosc.iacr.org/index.php/ToSC/article/view/11293},
  doi={10.46586/tosc.v2023.i4.365-390},
  author={Nilanjan Datta and Shreya Dey and Avijit Dutta and Sougata Mandal},
  year=2023
}