IEEE Access (Jan 2024)
Context-Committing Authenticated Encryptions Using Tweakable Stream Cipher
Abstract
Committing security of authenticated encryption schemes is an emerging and active field of research, strongly motivated by real-world scenarios. CMT-4 security of an authenticated encryption scheme is a security notion in which an adversary must produce two distinct tuples, each consisting of a key, a nonce, associated data and a message, such that the encryption sub-routine of the scheme yields the same output for both tuples. In this paper, we analyze the CMT-4 security of four tweakable wide block cipher schemes, HBSH, HCTR2, double-decker and docked-double-decker, under the encode-then-encipher paradigm with prepended zeros, and present CMT-4 attacks with $O(1)$ time complexity for all four schemes. We introduce the notion of a tweakable stream cipher (tS for short) with the property of partial collision resistance, and use it to construct four new tweakable wide block cipher schemes: HBtSH, HtS, tS-double-decker and tS-docked-double-decker. Under the encode-then-encipher paradigm, these four proposed schemes can be used to build a CMT-4 secure authenticated encryption scheme with the property of partial collision. Further, we provide security proofs with partial collision resistance for the four proposed schemes against a CMT-4 adversary.
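To make the two notions in the abstract concrete, the following added example (not code from the paper, and not any of HBSH, HCTR2, double-decker or docked-double-decker) shows the encode-then-encipher paradigm with prepended zeros and the CMT-4 winning condition as a checkable predicate. The wide block cipher is a constructed stand-in: an unbalanced Feistel network whose round function is HMAC-SHA256 keyed by the cipher key and bound to the tweak (nonce, associated data). `ZERO_PREFIX_LEN`, the 4-round count and all sample values are assumptions for the demonstration; the code illustrates the game definition and the redundancy check on decryption, not the committing properties of any particular scheme.

```python
import hmac
import hashlib

# Number of zero bytes prepended to the message before enciphering.
# The value 16 is an assumption for this toy, not taken from the paper.
ZERO_PREFIX_LEN = 16
ROUNDS = 4  # assumed round count for the toy Feistel network


def _prf(key: bytes, tweak: bytes, rnd: int, data: bytes, n: int) -> bytes:
    """HMAC-SHA256 expanded with a counter to n bytes; keyed by key, bound to tweak and round."""
    out = b""
    ctr = 0
    while len(out) < n:
        msg = (bytes([rnd]) + ctr.to_bytes(4, "big")
               + len(tweak).to_bytes(4, "big") + tweak + data)
        out += hmac.new(key, msg, hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _feistel(key: bytes, tweak: bytes, block: bytes, rounds) -> bytes:
    """Unbalanced Feistel network over the whole block: a toy tweakable wide block cipher.
    Even rounds update the left half from the right, odd rounds the right from the left,
    so running the rounds in reverse order inverts the permutation."""
    half = len(block) // 2
    left, right = block[:half], block[half:]
    for r in rounds:
        if r % 2 == 0:
            left = _xor(left, _prf(key, tweak, r, right, len(left)))
        else:
            right = _xor(right, _prf(key, tweak, r, left, len(right)))
    return left + right


def toy_encipher(key: bytes, tweak: bytes, block: bytes) -> bytes:
    return _feistel(key, tweak, block, range(ROUNDS))


def toy_decipher(key: bytes, tweak: bytes, block: bytes) -> bytes:
    return _feistel(key, tweak, block, reversed(range(ROUNDS)))


def _tweak(nonce: bytes, ad: bytes) -> bytes:
    # Length-prefix the nonce so that (nonce, ad) pairs encode injectively.
    return len(nonce).to_bytes(4, "big") + nonce + ad


def encrypt(key: bytes, nonce: bytes, ad: bytes, msg: bytes) -> bytes:
    """Encode-then-encipher: prepend zeros, then encipher under the tweak (nonce, ad)."""
    return toy_encipher(key, _tweak(nonce, ad), bytes(ZERO_PREFIX_LEN) + msg)


def decrypt(key: bytes, nonce: bytes, ad: bytes, ct: bytes):
    """Decipher, then accept only if the zero prefix is intact; None means reject."""
    if len(ct) < ZERO_PREFIX_LEN:
        return None
    pt = toy_decipher(key, _tweak(nonce, ad), ct)
    if not hmac.compare_digest(pt[:ZERO_PREFIX_LEN], bytes(ZERO_PREFIX_LEN)):
        return None
    return pt[ZERO_PREFIX_LEN:]


def cmt4_wins(enc, tuple_a, tuple_b) -> bool:
    """CMT-4 winning condition: two distinct (key, nonce, ad, msg) tuples whose
    encryptions under `enc` are byte-for-byte identical."""
    if tuple_a == tuple_b:
        return False
    return enc(*tuple_a) == enc(*tuple_b)


if __name__ == "__main__":
    # Constructed sample values.
    k1, k2 = b"\x01" * 32, b"\x02" * 32
    nonce, ad, msg = b"nonce-12", b"header", b"constructed message"
    ct = encrypt(k1, nonce, ad, msg)
    print("round trip ok:", decrypt(k1, nonce, ad, ct) == msg)
    print("wrong key rejected:", decrypt(k2, nonce, ad, ct) is None)
    print("CMT-4 win for differing keys:", cmt4_wins(encrypt, (k1, nonce, ad, msg), (k2, nonce, ad, msg)))
```

The `decrypt` routine is where the redundancy introduced by the zero prefix is consumed: a ciphertext is accepted only if deciphering under the supplied key and tweak reproduces the prefix. `cmt4_wins` is the game's verdict, not a search procedure; it takes any encryption function so that the same predicate can be evaluated against a committing and a non-committing scheme.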