Ashwin Jha
On TRP-RF Switch in the Quantum Query Model
The tweakable random permutation (TRP) to random function (RF) switch in the quantum query model (Hosoyamada and Iwata, IACR ASIACRYPT 2019) is tightened. This immediately improves the security bounds for TNT and LRWQ against quantum chose…
On Large Tweaks in Tweakable Even-Mansour with Linear Tweak and Key Mixing
In this paper, we provide the first analysis of the Iterated Tweakable Even-Mansour cipher with linear tweak and key (or tweakey) mixing, henceforth referred to as TEML, for an arbitrary tweak(ey) size kn for all k ≥ 1, and arbitrary number o…
Revisiting Randomness Extraction and Key Derivation Using the CBC and Cascade Modes
In this paper, we revisit a celebrated result by Dodis et al. from CRYPTO 2004, in relation with the suitability of CBC-MAC and the cascade construction for randomness extraction. We first observe that the proofs of three key sub-results are mi…
Subverting Telegram’s End-to-End Encryption
Telegram is a popular secure messaging service with the third biggest user base as of 2021. In this paper, we analyze the security of Telegram’s end-to-end encryption (E2EE) protocol in the presence of mass surveillance. Specifically, we show tha…
How to Build Optimally Secure PRFs Using Block Ciphers
In EUROCRYPT '96, Aiello and Venkatesan proposed two candidates for $2n$-bit to $2n$-bit pseudorandom functions (PRFs), called Benes and modified Benes (or mBenes), based on $n$-bit to $n$-bit PRFs. While Benes is known to be secur…
A Survey on Applications of H-Technique: Revisiting Security Analysis of PRP and PRF
The Coefficients H technique (also called the H-technique), developed by Patarin circa 1991, is a tool used to obtain the upper bounds on distinguishing advantages. This tool is known to provide relatively simple and (in some cases) tight …
On Length Independent Security Bounds for the PMAC Family
At FSE 2017, Gaži et al. demonstrated a pseudorandom function (PRF) distinguisher (Gaži et al., ToSC 2016(2)) on PMAC with $\Omega(lq^2/2^n)$ advantage, where q, l, and n denote the number of queries, maximum permissible query length (in terms of …
On the Security of Sponge-type Authenticated Encryption Modes
The sponge duplex is a popular mode of operation for constructing authenticated encryption schemes. In fact, one can assess the popularity of this mode from the fact that around 25 out of the 56 round 1 submissions to the ongoing NIST ligh…
From Combined to Hybrid: Making Feedback-based AE even Smaller
In CHES 2017, Chakraborti et al. proposed COFB, a rate-1 sequential block cipher-based authenticated encryption (AE) with only 1.5n-bit state, where n denotes the block size. They used a novel approach, the so-called combined feedback, whe…
ESTATE: A Lightweight and Low Energy Authenticated Encryption Mode
NIST has recently initiated a standardization project for efficient lightweight authenticated encryption schemes. SUNDAE, a candidate in this project, achieves optimal state size which results in low circuit overhead on top of the underlyi…
INT-RUP Secure Lightweight Parallel AE Modes
Owing to the growing demand for lightweight cryptographic solutions, NIST has initiated a standardization process for lightweight cryptographic algorithms. Specific to authenticated encryption (AE), the NIST draft demands that the scheme s…
Tight Security Analysis of EHtM MAC
The security of a probabilistic Message Authentication Code (MAC) usually depends on the uniqueness of the random salt, which restricts the security to the birthday bound of the salt size due to collisions on random salts (e.g., XMACR). To ove…
On The Exact Security of Message Authentication Using Pseudorandom Functions
Traditionally, modes of Message Authentication Codes (MAC) such as Cipher Block Chaining (CBC) are instantiated using block ciphers or keyed Pseudo Random Permutations (PRP). However, one can also use domain preserving keyed Pseudo Random Fu…
Revisiting structure graphs: Applications to CBC-MAC and EMAC
In [2], Bellare, Pietrzak and Rogaway proved an $O(\ell q^{2}/2^{n})$ bound for the PRF (pseudorandom function) security of the CBC-MAC based on an $n$-bit random permutation $\Pi$, provided $\ell < 2^{n/3}$…