Abstract:
Tweakable primitives are advanced cryptographic constructions, primarily used to enhance the flexibility, security and performance of cryptographic systems. In the case of a tweakable primitive, there is, in addition to the key and the input, an extra parameter, often referred to as the third parameter. This third parameter is called the tweak. The tweak is a public value and is known to the adversary. Because of this third parameter, tweakable primitives find use in the construction of modes of operation and in several applications across the design of cryptographic systems. As an example, consider disk encryption. The index of a disk sector can be used as the tweak, so that each sector receives its own, mutually exclusive encryption. These independent disk sectors can then be accessed, edited and updated independently, which facilitates usability and improves the end-user experience. Historically, from their inception, tweakable primitives were mostly overlooked and rarely included in cryptographic designs. This has changed in the last decade: the interest of the research community has grown and tweakable primitives have started to receive traction.

One of the areas that has been explored is the design of authenticated encryption schemes with associated data (AEAD). The tweak provides flexibility when designing an AEAD. Nonces, counters and similar values may be known to an adversary in different attack models; hence, these values become ideal candidates for the tweak when designing an AEAD from tweakable primitives. The design so proposed must also prove its resistance against adversaries under various attack models, which leads to the foundation of provable security proofs. A provable security proof is a formal method used to show that a cryptographic design such as an AEAD or a signature scheme is secure under well-defined mathematical assumptions. It involves stating a formal argument and then showing that the design resists certain types of claimed attacks, assuming that a related hard problem (e.g., factoring large numbers or solving the discrete logarithm problem) is computationally infeasible.

Thus, in this thesis, we analyzed the question "how can we design authenticated encryption schemes with associated data using tweakable primitives with provable security proofs?". Specifically, we tried to answer questions such as: How can tweakable primitives be used to design an AEAD? Which designs can be provided with provable security proofs? What properties can be incorporated into the design to show the true potential of tweakable primitives? Can we investigate providing additional features, i.e., committing security? We choose the tweakable block cipher as our tweakable primitive and begin with the design of an authenticated encryption scheme with associated data. We explore all the ways to create an AEAD based on the xor operation and a tweakable block cipher where the tweak size is twice the block size. During the design, we found that the use of the tweak provides several additional properties that facilitate the area of lightweight cryptography. Keeping this in mind, we adapted our design strategy to fulfil the requirements of a lightweight cryptosystem outlined by NIST (National Institute of Standards and Technology, USA). We propose lynx, a family (with 14 members) of lightweight 1-pass and rate-1 AEAD schemes based on a tweakable block cipher, and provide a provable security proof for each member of the lynx family. Further, the implementation of lynx highlights its potential for resource-constrained devices.

We introduce the notion of a tweakable stream cipher (tS in short) with the property of partial collision resistance, and use it to create four new tweakable wide block cipher schemes: HBtSH, HtS, tS-double-decker and tS-docked-double-decker. These four proposed schemes can be used to create a CMT-4 secure authenticated encryption scheme with the property of partial collision under the encode-then-encipher paradigm. Further, we provide a provable security proof with partial collision resistance for the four proposed schemes against a CMT-4 adversary. Traditional AEAD schemes may be vulnerable to misuse by adversaries capable of adapting their attacks based on observed ciphertexts, leading to potential breaches of security. CMT-4 secure AEAD schemes aim to address this limitation by providing an additional security property known as commitment. Committing security of authenticated encryption schemes is an emerging area and an active field of research, highly motivated by real-world scenarios. The proposal draft by NIST for the requirements of the Accordion Mode lists committing security as one of the desirable properties.