A new mode of operation for block ciphers and length-preserving MACs

Yevgeniy Dodis, Krzysztof Pietrzak, Prashant Puniya

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

We propose a new mode of operation, enciphered CBC, for domain extension of length-preserving functions (like block ciphers), which is a variation on the popular CBC mode of operation. Our new mode is twice as slow as CBC, but has many (property-preserving) properties not enjoyed by CBC and other known modes. Most notably, it yields the first constant-rate Variable Input Length (VIL) MAC from any length-preserving Fixed Input Length (FIL) MAC. This answers the question of Dodis and Puniya from Eurocrypt 2007. Further, our mode is a secure domain extender for PRFs (with basically the same security as encrypted CBC). This provides a hedge against the security of the block cipher: if the block cipher is pseudorandom, one gets a VIL-PRF, while if it is "only" unpredictable, one "at least" gets a VIL-MAC. Additionally, our mode yields a VIL random oracle (and, hence, a collision-resistant hash function) when instantiated with length-preserving random functions, or even random permutations (which can be queried from both sides). This means that one does not have to re-key the block cipher during the computation, which was critically used in most previous constructions (analyzed in the ideal cipher model).
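The abstract's central contrast, plain CBC versus a mode that is safe to use as a variable-input-length MAC, is easiest to see on the baseline. The Python below is an added example written for this page, not code from the paper, and it does not implement enciphered CBC (the construction itself is not given here). It shows CBC chaining over a length-preserving keyed function f, the standard two-query forgery that makes raw CBC-MAC insecure on variable-length messages, and the encrypted-CBC variant the abstract uses as its security yardstick, against which the same recipe fails. The stand-in f (HMAC-SHA256 truncated to one block), both keys and the sample message blocks are assumptions constructed for the demonstration.

```python
"""Raw CBC-MAC vs encrypted CBC over a length-preserving keyed function.
Added example for this page; not the paper's enciphered-CBC mode."""
import hashlib
import hmac

BLOCK = 16  # block length n in bytes


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def f(key: bytes, block: bytes) -> bytes:
    """Stand-in length-preserving keyed function {0,1}^n -> {0,1}^n.

    HMAC-SHA256 truncated to n bytes (an assumption for the demo). It is
    used only on single blocks, i.e. as a fixed-input-length primitive.
    """
    if len(block) != BLOCK:
        raise ValueError("f takes exactly one block")
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def blocks(msg: bytes) -> list:
    """Split a message into n-byte blocks; no padding scheme is modelled."""
    if len(msg) == 0 or len(msg) % BLOCK:
        raise ValueError("message must be a positive multiple of the block length")
    return [msg[i:i + BLOCK] for i in range(0, len(msg), BLOCK)]


def cbc_mac(key: bytes, msg: bytes) -> bytes:
    """Raw CBC-MAC: y_0 = 0^n, y_i = f_K(y_{i-1} xor x_i), tag = y_m."""
    y = bytes(BLOCK)
    for x in blocks(msg):
        y = f(key, xor(y, x))
    return y


def ecbc_mac(k1: bytes, k2: bytes, msg: bytes) -> bytes:
    """Encrypted CBC: an independent second key enciphers the final chaining value."""
    return f(k2, cbc_mac(k1, msg))


def extension_forgery(tag_m1: bytes, m1: bytes, m2: bytes) -> bytes:
    """Adversary's recipe against raw CBC-MAC on variable-length input.

    Since CBC-MAC(m1 || z) = f_K(tag(m1) xor z) for one-block m1, choosing
    z = tag(m1) xor m2 cancels the chaining value, so the two-block message
    m1 || z carries the same tag as the one-block message m2. The adversary
    needs only the tags of m1 and m2, both obtained by legitimate queries.
    """
    return m1 + xor(tag_m1, m2)


def demo(k1: bytes, k2: bytes) -> tuple:
    """Return (raw CBC-MAC forgery verifies, encrypted-CBC forgery verifies)."""
    m1 = b"transfer 10 USD "  # constructed sample block, 16 bytes
    m2 = b"transfer 10K USD"  # constructed sample block, 16 bytes

    # Raw CBC-MAC: the forged two-block message collides with m2's tag.
    t1 = cbc_mac(k1, m1)
    forged = extension_forgery(t1, m1, m2)
    raw_forgery_works = cbc_mac(k1, forged) == cbc_mac(k1, m2)

    # Encrypted CBC: the adversary sees only f_K2(t1), not t1 itself, so the
    # same recipe no longer cancels the chaining value.
    big_t1 = ecbc_mac(k1, k2, m1)
    forged2 = extension_forgery(big_t1, m1, m2)
    ecbc_forgery_works = ecbc_mac(k1, k2, forged2) == ecbc_mac(k1, k2, m2)

    return raw_forgery_works, ecbc_forgery_works


if __name__ == "__main__":
    print(demo(b"\x01" * BLOCK, b"\x02" * BLOCK))
```

demo() returns True for the raw-CBC forgery and False for the encrypted-CBC one. Note what this does and does not show: the encrypted-CBC security argument still needs f to be a PRF, matching the "pseudorandom" branch of the abstract's hedge; the paper's contribution is a mode whose VIL-MAC security survives when f is only unpredictable, which no experiment of this kind can exhibit.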

Original language: English (US)
Title of host publication: Advances in Cryptology - EUROCRYPT 2008 - 27th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings
Pages: 198-219
Number of pages: 22
Volume: 4965 LNCS
DOIs: 10.1007/978-3-540-78967-3_12
State: Published - 2008
Event: 27th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2008 - Istanbul, Turkey
Duration: Apr 13 2008 to Apr 17 2008

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 4965 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Other

Other: 27th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2008
Country: Turkey
City: Istanbul
Period: 4/13/08 to 4/17/08

Fingerprint

Block Ciphers
Modes of Operation
Hash Functions
Random Permutation
Random Oracle
Random Function
Constant Rate
Collision

ASJC Scopus subject areas

  • Computer Science (all)
  • Biochemistry, Genetics and Molecular Biology (all)
  • Theoretical Computer Science

Cite this

Dodis, Y., Pietrzak, K., & Puniya, P. (2008). A new mode of operation for block ciphers and length-preserving MACs. In Advances in Cryptology - EUROCRYPT 2008 - 27th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings (Vol. 4965 LNCS, pp. 198-219). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4965 LNCS). https://doi.org/10.1007/978-3-540-78967-3_12

A new mode of operation for block ciphers and length-preserving MACs. / Dodis, Yevgeniy; Pietrzak, Krzysztof; Puniya, Prashant.

Advances in Cryptology - EUROCRYPT 2008 - 27th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings. Vol. 4965 LNCS 2008. p. 198-219 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4965 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Dodis, Y, Pietrzak, K & Puniya, P 2008, A new mode of operation for block ciphers and length-preserving MACs. in Advances in Cryptology - EUROCRYPT 2008 - 27th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings. vol. 4965 LNCS, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 4965 LNCS, pp. 198-219, 27th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2008, Istanbul, Turkey, 4/13/08. https://doi.org/10.1007/978-3-540-78967-3_12
Dodis Y, Pietrzak K, Puniya P. A new mode of operation for block ciphers and length-preserving MACs. In Advances in Cryptology - EUROCRYPT 2008 - 27th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings. Vol. 4965 LNCS. 2008. p. 198-219. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). https://doi.org/10.1007/978-3-540-78967-3_12
Dodis, Yevgeniy ; Pietrzak, Krzysztof ; Puniya, Prashant. / A new mode of operation for block ciphers and length-preserving MACs. Advances in Cryptology - EUROCRYPT 2008 - 27th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings. Vol. 4965 LNCS 2008. pp. 198-219 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).
@inproceedings{307183580d2b479fb0426d524dfe8bba,
title = "A new mode of operation for block ciphers and length-preserving MACs",
abstract = "We propose a new mode of operation, enciphered CBC, for domain extension of length-preserving functions (like block ciphers), which is a variation on the popular CBC mode of operation. Our new mode is twice as slow as CBC, but has many (property-preserving) properties not enjoyed by CBC and other known modes. Most notably, it yields the first constant-rate Variable Input Length (VIL) MAC from any length-preserving Fixed Input Length (FIL) MAC. This answers the question of Dodis and Puniya from Eurocrypt 2007. Further, our mode is a secure domain extender for PRFs (with basically the same security as encrypted CBC). This provides a hedge against the security of the block cipher: if the block cipher is pseudorandom, one gets a VIL-PRF, while if it is {"}only{"} unpredictable, one {"}at least{"} gets a VIL-MAC. Additionally, our mode yields a VIL random oracle (and, hence, a collision-resistant hash function) when instantiated with length-preserving random functions, or even random permutations (which can be queried from both sides). This means that one does not have to re-key the block cipher during the computation, which was critically used in most previous constructions (analyzed in the ideal cipher model).",
author = "Yevgeniy Dodis and Krzysztof Pietrzak and Prashant Puniya",
year = "2008",
doi = "10.1007/978-3-540-78967-3_12",
language = "English (US)",
isbn = "3540789669",
volume = "4965 LNCS",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
pages = "198--219",
booktitle = "Advances in Cryptology - EUROCRYPT 2008 - 27th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings",
}

TY - GEN

T1 - A new mode of operation for block ciphers and length-preserving MACs

AU - Dodis, Yevgeniy

AU - Pietrzak, Krzysztof

AU - Puniya, Prashant

PY - 2008

Y1 - 2008

AB - We propose a new mode of operation, enciphered CBC, for domain extension of length-preserving functions (like block ciphers), which is a variation on the popular CBC mode of operation. Our new mode is twice as slow as CBC, but has many (property-preserving) properties not enjoyed by CBC and other known modes. Most notably, it yields the first constant-rate Variable Input Length (VIL) MAC from any length-preserving Fixed Input Length (FIL) MAC. This answers the question of Dodis and Puniya from Eurocrypt 2007. Further, our mode is a secure domain extender for PRFs (with basically the same security as encrypted CBC). This provides a hedge against the security of the block cipher: if the block cipher is pseudorandom, one gets a VIL-PRF, while if it is "only" unpredictable, one "at least" gets a VIL-MAC. Additionally, our mode yields a VIL random oracle (and, hence, a collision-resistant hash function) when instantiated with length-preserving random functions, or even random permutations (which can be queried from both sides). This means that one does not have to re-key the block cipher during the computation, which was critically used in most previous constructions (analyzed in the ideal cipher model).

UR - http://www.scopus.com/inward/record.url?scp=44449166046&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=44449166046&partnerID=8YFLogxK

U2 - 10.1007/978-3-540-78967-3_12

DO - 10.1007/978-3-540-78967-3_12

M3 - Conference contribution

AN - SCOPUS:44449166046

SN - 3540789669

SN - 9783540789666

VL - 4965 LNCS

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 198

EP - 219

BT - Advances in Cryptology - EUROCRYPT 2008 - 27th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings

ER -