Paper 2016/234

Trick or Tweak: On the (In)security of OTR’s Tweaks

Raphael Bost and Olivier Sanders

Abstract

A tweakable blockcipher (TBC) is a powerful tool for designing authenticated encryption schemes, as illustrated by Minematsu's Offset Two Rounds (OTR) construction. It takes an additional input, called a tweak, alongside the inputs of a standard blockcipher, which adds some variability to the primitive. More specifically, each tweak is expected to define a different, independent pseudo-random permutation. In this work we focus on OTR's way of instantiating a TBC and show that it does not achieve this property for a large number of parameters. We describe collisions between the input masks derived from the tweaks and explain how they result in practical attacks against this scheme, breaking privacy, authenticity, or both, using a single encryption query with advantage at least 1/4. We stress, however, that our results do not invalidate the OTR construction as a whole but simply prove that the TBC's input masks should be designed differently.

Note: We added a new graph to support our claim about the security of OTR up to the birthday bound.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published by the IACR in ASIACRYPT 2016
Keywords
cryptanalysis, authenticated encryption, CAESAR competition, tweakable blockcipher
Contact author(s)
raphael_bost @ alumni brown edu
History
2017-01-25: last of 4 revisions
2016-03-03: received
Short URL
https://ia.cr/2016/234
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2016/234,
      author = {Raphael Bost and Olivier Sanders},
      title = {Trick or Tweak: On the (In)security of OTR’s Tweaks},
      howpublished = {Cryptology ePrint Archive, Paper 2016/234},
      year = {2016},
      note = {\url{https://eprint.iacr.org/2016/234}},
      url = {https://eprint.iacr.org/2016/234}
}