### Abstract

We propose a new mode of operation, enciphered CBC, for domain extension of length-preserving functions (like block ciphers), which is a variation on the popular CBC mode of operation. Our new mode is twice slower than CBC, but has many (property-preserving) properties not enjoyed by CBC and other known modes. Most notably, it yields the first constant-rate Variable Input Length (VIL) MAC from any length preserving Fixed Input Length (FIL) MAC. This answers the question of Dodis and Puniya from Eurocrypt 2007. Further, our mode is a secure domain extender for PRFs (with basically the same security as encrypted CBC). This provides a hedge against the security of the block cipher: if the block cipher is pseudorandom, one gets a VIL-PRF, while if it is "only" unpredictable, one "at least" gets a VIL-MAC. Additionally, our mode yields a VIL random oracle (and, hence, a collision-resistant hash function) when instantiated with length-preserving random functions, or even random permutations (which can be queried from both sides). This means that one does not have to re-key the block cipher during the computation, which was critically used in most previous constructions (analyzed in the ideal cipher model).

Original language | English (US) |
---|---|

Title of host publication | Advances in Cryptology - EUROCRYPT 2008 - 27th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings |

Pages | 198-219 |

Number of pages | 22 |

Volume | 4965 LNCS |

DOIs | |

State | Published - 2008 |

Event | 27th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2008 - Istanbul, Turkey Duration: Apr 13 2008 → Apr 17 2008 |

### Publication series

Name | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
---|---|

Volume | 4965 LNCS |

ISSN (Print) | 03029743 |

ISSN (Electronic) | 16113349 |

### Other

Other | 27th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2008 |
---|---|

Country | Turkey |

City | Istanbul |

Period | 4/13/08 → 4/17/08 |

### Fingerprint

### ASJC Scopus subject areas

- Computer Science(all)
- Biochemistry, Genetics and Molecular Biology(all)
- Theoretical Computer Science

### Cite this

*Advances in Cryptology - EUROCRYPT 2008 - 27th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings*(Vol. 4965 LNCS, pp. 198-219). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4965 LNCS). https://doi.org/10.1007/978-3-540-78967-3_12

**A new mode of operation for block ciphers and length-preserving MACs.** / Dodis, Yevgeniy; Pietrzak, Krzysztof; Puniya, Prashant.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

*Advances in Cryptology - EUROCRYPT 2008 - 27th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings.*vol. 4965 LNCS, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 4965 LNCS, pp. 198-219, 27th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2008, Istanbul, Turkey, 4/13/08. https://doi.org/10.1007/978-3-540-78967-3_12

}

TY - GEN

T1 - A new mode of operation for block ciphers and length-preserving MACs

AU - Dodis, Yevgeniy

AU - Pietrzak, Krzysztof

AU - Puniya, Prashant

PY - 2008

Y1 - 2008

N2 - We propose a new mode of operation, enciphered CBC, for domain extension of length-preserving functions (like block ciphers), which is a variation on the popular CBC mode of operation. Our new mode is twice slower than CBC, but has many (property-preserving) properties not enjoyed by CBC and other known modes. Most notably, it yields the first constant-rate Variable Input Length (VIL) MAC from any length preserving Fixed Input Length (FIL) MAC. This answers the question of Dodis and Puniya from Eurocrypt 2007. Further, our mode is a secure domain extender for PRFs (with basically the same security as encrypted CBC). This provides a hedge against the security of the block cipher: if the block cipher is pseudorandom, one gets a VIL-PRF, while if it is "only" unpredictable, one "at least" gets a VIL-MAC. Additionally, our mode yields a VIL random oracle (and, hence, a collision-resistant hash function) when instantiated with length-preserving random functions, or even random permutations (which can be queried from both sides). This means that one does not have to re-key the block cipher during the computation, which was critically used in most previous constructions (analyzed in the ideal cipher model).

AB - We propose a new mode of operation, enciphered CBC, for domain extension of length-preserving functions (like block ciphers), which is a variation on the popular CBC mode of operation. Our new mode is twice slower than CBC, but has many (property-preserving) properties not enjoyed by CBC and other known modes. Most notably, it yields the first constant-rate Variable Input Length (VIL) MAC from any length preserving Fixed Input Length (FIL) MAC. This answers the question of Dodis and Puniya from Eurocrypt 2007. Further, our mode is a secure domain extender for PRFs (with basically the same security as encrypted CBC). This provides a hedge against the security of the block cipher: if the block cipher is pseudorandom, one gets a VIL-PRF, while if it is "only" unpredictable, one "at least" gets a VIL-MAC. Additionally, our mode yields a VIL random oracle (and, hence, a collision-resistant hash function) when instantiated with length-preserving random functions, or even random permutations (which can be queried from both sides). This means that one does not have to re-key the block cipher during the computation, which was critically used in most previous constructions (analyzed in the ideal cipher model).

UR - http://www.scopus.com/inward/record.url?scp=44449166046&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=44449166046&partnerID=8YFLogxK

U2 - 10.1007/978-3-540-78967-3_12

DO - 10.1007/978-3-540-78967-3_12

M3 - Conference contribution

AN - SCOPUS:44449166046

SN - 3540789669

SN - 9783540789666

VL - 4965 LNCS

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 198

EP - 219

BT - Advances in Cryptology - EUROCRYPT 2008 - 27th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings

ER -