Tetsu Iwata
Key Recovery, Universal Forgery, and Committing Attacks against Revised Rocca: How Finalization Affects Security
This paper examines the security of Rocca, an authenticated encryption algorithm designed for Beyond 5G/6G contexts. Rocca has been revised multiple times in the initialization and finalization for security reasons. In this paper, we study…
Feistel Ciphers Based on a Single Primitive
We consider Feistel ciphers instantiated with tweakable block ciphers (TBCs) and ideal ciphers (ICs). The indistinguishability security of the TBC-based Feistel cipher is known, and the indifferentiability security of the IC-based Feistel …
Key Committing Security of AEZ and More
For an Authenticated Encryption with Associated Data (AEAD) scheme, the key committing security refers to the security notion of whether the adversary can produce a pair of distinct input tuples, including the key, that result in the same …
Generalized Feistel Structures Based on Tweakable Block Ciphers
A generalized Feistel structure (GFS) is a classical approach to construct a block cipher from pseudorandom functions (PRFs). Coron et al. at TCC 2010 instantiated a Feistel structure with a tweakable block cipher (TBC), and presented its …
Matching attacks on Romulus‐M
This paper considers a problem of identifying matching attacks against Romulus‐M, one of the 10 finalists of National Institute of Standards and Technology Lightweight Cryptography standardisation project. Romulus‐M is provably secure, tha…
New indifferentiability security proof of MDPH hash function
MDPH is a double‐block‐length hash function proposed by Naito at Latincrypt 2019. This is a combination of Hirose's compression function and the domain extender called Merkle–Damgård with permutation. When instantiated with an n-bit block…
On the (im)possibility of improving the round diffusion of generalized Feistel structures
Generalized Feistel structures (GFS) are widely employed as the underlying structure of primitives like block ciphers and hash functions. In order to improve its slow diffusion, several design ideas have been proposed. In this contribution…
Quantum attacks on Sum of Even-Mansour pseudorandom functions
At CRYPTO 2019, constructions of a pseudorandom function from public random permutations were presented. We consider one of the constructions called Sum of Even-Mansour (SoEM), and present quantum attacks against the construction. Our atta…
Provably Quantum-Secure Tweakable Block Ciphers
Recent results on quantum cryptanalysis show that some symmetric key schemes can be broken in polynomial time even if they are proven to be secure in the classical setting. Liskov, Rivest, and Wagner showed that secure tweakable block ciph…
Beyond-Birthday-Bound Secure Cryptographic Permutations from Ideal Ciphers with Long Keys
Coron et al. showed a construction of a 3-round 2n-bit cryptographic permutation from three independent n-bit ideal ciphers with n-bit keys (TCC 2010). Guo and Lin showed a construction of a (2d − 1)-round dn-bit cryptographic permutation …
Duel of the Titans: The Romulus and Remus Families of Lightweight AEAD Algorithms
In this article, we propose two new families of very lightweight and efficient authenticated encryption with associated data (AEAD) modes, Romulus and Remus, that provide security beyond the birthday bound with respect to the block-length …
Iterative Block Ciphers from Tweakable Block Ciphers with Long Tweaks
We consider a problem of constructing a secure block cipher from a tweakable block cipher (TBC) with long tweaks. Given a TBC with n-bit blocks and Γn-bit tweaks for Γ ≥ 1, one of the constructions by Minematsu in DCC 2015 shows that a sim…
ZOCB and ZOTR: Tweakable Blockcipher Modes for Authenticated Encryption with Full Absorption
We define ZOCB and ZOTR for nonce-based authenticated encryption with associated data, and analyze their provable security. These schemes use a tweakable blockcipher (TBC) as the underlying primitive, and fully utilize its input to process…
Cryptanalysis of AES-PRF and Its Dual
A dedicated pseudorandom function (PRF) called AES-PRF was proposed by Mennink and Neves at FSE 2018 (ToSC 2017, Issue 3). AES-PRF is obtained from AES by using the output of the 5-th round as the feed-forward to the output state. This pap…
Symmetric Cryptography (Dagstuhl Seminar 18021)
This report documents the program and the outcomes of Dagstuhl Seminar 18021 "Symmetric Cryptography", which was held on January 7-12, 2018 in Schloss Dagstuhl - Leibniz Center for Informatics. The seminar was the sixth in a series of Dags…
Reconsidering the Security Bound of AES-GCM-SIV
We make a number of remarks about the AES-GCM-SIV nonce-misuse resistant authenticated encryption scheme currently considered for standardization by the Crypto Forum Research Group (CFRG). First, we point out that the security analysis pro…
Cryptanalysis of PMACx, PMAC2x, and SIVx
At CT-RSA 2017, List and Nandi proposed two variable input length pseudorandom functions (VI-PRFs) called PMACx and PMAC2x, and a deterministic authenticated encryption scheme called SIVx. These schemes use a tweakable block cipher (TBC) a…
Stronger Security Variants of GCM-SIV
At CCS 2015, Gueron and Lindell proposed GCM-SIV, a provably secure authenticated encryption scheme that remains secure even if the nonce is repeated. While this is an advantage over the original GCM, we first point out that GCM-SIV allows…
Symmetric Cryptography (Dagstuhl Seminar 16021)
From 10.01.2016 to 15.01.2016, the Seminar 16021 in Symmetric Cryptography was held in Schloss Dagstuhl-Leibniz Center for Informatics. It was the fifth in the series of the Dagstuhl seminars "Symmetric Cryptography" held in 2007, 2009, 20…