New Forkcipher Designs Proposed for Lightweight Cryptography
Quick take - A recent paper presents innovative designs for tweakable forkciphers, cryptographic primitives aimed at lightweight applications, providing provable security and efficiency for short messages, particularly in resource-constrained environments like IoT devices.
Fast Facts
- The paper introduces innovative designs for tweakable forkciphers, aimed at lightweight applications like IoT, providing provable n-bit security in the Ideal Cipher Model.
- Three main constructions are proposed: F̃1 (n-bit tweak, 3 block cipher calls), F̃2 (2n-bit tweak, 4 block cipher calls), and F̃r (rn-bit tweak, (r+2) block cipher calls), each enhancing efficiency and security.
- ForkSkinny, a notable forkcipher, has undergone rigorous security evaluation, but the design space for forkciphers remains largely unexplored, particularly for provably secure constructions.
- The constructions are parallelizable and cost fewer block cipher calls than running two separate tweakable block ciphers for the same tweak size; a birthday attack found on the first version of one construction during review led to a revised design.
- Forkciphers suit resource-constrained environments where confidentiality, integrity and authenticity must be provided with few primitive calls, which makes them a building block for AEAD schemes and MACs.
Exploring Tweakable Forkciphers for Lightweight Applications
A recent paper has explored the design of tweakable forkciphers, cryptographic primitives aimed at lightweight applications, particularly suitable for short messages. The concept of forkciphers was introduced by Andreeva et al. at ASIACRYPT 2019. Since their inception, forkciphers have evolved, with notable developments including ForkSkinny, a specific forkcipher based on the tweakable block cipher SKINNY, whose security has been rigorously evaluated through cryptanalysis.
Innovations in Forkcipher Design
Despite the emergence of several efficient authenticated encryption with associated data (AEAD) and message authentication code (MAC) schemes based on forkciphers, the design of forkciphers themselves remains largely unexplored, particularly constructions that are provably secure. The paper proposes forkcipher designs for various tweak lengths, using a block cipher as the underlying primitive. Security proofs for these constructions are given under the assumption that the block cipher behaves as an ideal cipher.
Three main constructions are introduced in the paper:
- F̃1: Designed for an n-bit tweak, achieving optimal n-bit security with three block cipher calls.
- F̃2: Tailored for a 2n-bit tweak, also reaching optimal n-bit security but utilizing four block cipher calls.
- F̃r: Caters to a general rn-bit tweak, attaining n-bit security with (r+2) block cipher calls.
Notably, F̃1 and F̃2 require one extra block cipher call compared to existing tweakable block cipher designs for equivalent security. F̃r necessitates one additional call for large tweaks (rn-bits, r ≥ 3) beyond the conjectured minimum. The constructions are analyzed within the Ideal Cipher Model, focusing on the indistinguishability between real and ideal oracles. They are designed to be parallelizable, enhancing efficiency and reducing complexity compared to executing two separate tweakable block ciphers for the same tweak size.
Practical Applications and Security Considerations
The F̃1 construction takes a key, an n-bit tweak and an n-bit plaintext and produces a 2n-bit ciphertext. F̃2 does the same for a 2n-bit tweak through a more involved key and tweak schedule, again yielding a 2n-bit ciphertext. The paper gives bounds on the advantage of distinguishing attacks and on internal collision probabilities, and these constructions are the first forkciphers with provable n-bit security in the Ideal Cipher Model. A birthday attack found on the first version of a construction during the review process prompted a modification that closes it.
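To make the forkcipher interface described above concrete (one n-bit block in, 2n bits out as two branches, per-branch inversion, reconstruction of one branch from the other), here is an added example in Python. It is not code from the paper and not the paper's F̃1, whose internal wiring this summary does not reproduce. It simulates the Ideal Cipher Model oracle by lazy sampling and wraps it in a hypothetical three-call forkcipher `ToyFork`; the block size, the `DELTA` constant and the sample key, tweak and message are made up for illustration, and no security claim is made for `ToyFork`.

```python
"""Toy tweakable forkcipher in the Ideal Cipher Model.

Added example, not the paper's construction: it shows the forkcipher
syntax and what an ideal-cipher oracle is in a proof.  ToyFork is a
hypothetical 3-call design chosen only to illustrate the interface.
"""
import random

N = 16                 # block size in bits (tiny, for illustration only)
MASK = (1 << N) - 1


class IdealCipher:
    """Lazily sampled family of independent random permutations E_K.

    This is the oracle an adversary gets in the Ideal Cipher Model: every
    key selects a fresh uniformly random permutation of {0,1}^N, and forward
    and inverse queries are answered consistently.  `calls` counts queries,
    which is how query complexity is measured in such proofs.
    """

    def __init__(self, seed=0):
        self.rng = random.Random(seed)
        self.fwd = {}      # (key, x) -> y
        self.inv = {}      # (key, y) -> x
        self.calls = 0

    def E(self, key, x):
        self.calls += 1
        if (key, x) not in self.fwd:
            while True:                      # sample an unused image
                y = self.rng.getrandbits(N)
                if (key, y) not in self.inv:
                    break
            self.fwd[(key, x)] = y
            self.inv[(key, y)] = x
        return self.fwd[(key, x)]

    def D(self, key, y):
        self.calls += 1
        if (key, y) not in self.inv:
            while True:                      # sample an unused preimage
                x = self.rng.getrandbits(N)
                if (key, x) not in self.fwd:
                    break
            self.inv[(key, y)] = x
            self.fwd[(key, x)] = y
        return self.inv[(key, y)]


class ToyFork:
    """Hypothetical tweakable forkcipher using 3 ideal-cipher calls.

    encrypt:  K' = E_K(T);  C0 = E_{K'}(M);  C1 = E_{K' xor DELTA}(M)
    For fixed (K, T) both branches are permutations of M, which is what
    the forkcipher syntax requires.  That is all this toy guarantees.
    """
    DELTA = 0x5A5A     # arbitrary constant separating the two branch keys

    def __init__(self, ic):
        self.ic = ic

    def _subkeys(self, K, T):
        kp = self.ic.E(K, T)                 # one call: tweak-derived subkey
        return kp, kp ^ self.DELTA

    def encrypt(self, K, T, M, s="b"):
        """s selects the output: '0' left branch, '1' right branch, 'b' both."""
        k0, k1 = self._subkeys(K, T)
        if s == "0":
            return self.ic.E(k0, M)
        if s == "1":
            return self.ic.E(k1, M)
        return (self.ic.E(k0, M), self.ic.E(k1, M))

    def decrypt(self, K, T, C, b, s="i"):
        """Invert branch b ('0' or '1') from ciphertext C.

        s='i' returns the plaintext, s='o' the other branch (reconstruction,
        which forkcipher-based AEAD/MAC modes rely on), s='b' both.
        """
        k0, k1 = self._subkeys(K, T)
        kb, ko = (k0, k1) if b == "0" else (k1, k0)
        M = self.ic.D(kb, C)
        if s == "i":
            return M
        other = self.ic.E(ko, M)
        return other if s == "o" else (M, other)


def demo(seed=1):
    """Exercise the interface on a constructed key/tweak/message triple."""
    ic = IdealCipher(seed)
    fc = ToyFork(ic)
    K, T, M = 0x1234, 0xBEEF, 0x0042          # constructed sample inputs
    before = ic.calls
    c0, c1 = fc.encrypt(K, T, M)
    calls_per_encrypt = ic.calls - before      # 3 for both branches
    m_back = fc.decrypt(K, T, c0, "0")
    c1_rec = fc.decrypt(K, T, c0, "0", "o")
    m2, c0_rec = fc.decrypt(K, T, c1, "1", "b")
    # distinct plaintexts never collide on one branch (it is a permutation)
    left = [fc.encrypt(K, T, m, "0") for m in range(256)]
    return {
        "calls_per_encrypt": calls_per_encrypt,
        "roundtrip": m_back == M and m2 == M,
        "reconstruct": c1_rec == c1 and c0_rec == c0,
        "left_branch_injective": len(set(left)) == 256,
        "output_bits": 2 * N,
    }


if __name__ == "__main__":
    print(demo())
```

`demo()` returns the per-encryption call count (3 when both branches are requested, the same budget the paper quotes for F̃1, although the toy's wiring is unrelated), the roundtrip and reconstruction checks, and an injectivity check on one branch. The `IdealCipher` object is also the oracle a distinguisher queries in an ideal-cipher proof, so `ic.calls` is the quantity the paper's bounds are stated in.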
Forkciphers are particularly relevant for lightweight environments, such as Internet of Things (IoT) devices and mobile systems, which operate with limited computational resources. Because a forkcipher returns a 2n-bit output from a single n-bit block with a small fixed number of block cipher calls, AEAD schemes built on it can process short messages with less per-message overhead, while still providing confidentiality, integrity and authenticity.
Forkciphers serve as foundational primitives for a range of cryptographic applications, including AEAD schemes, MACs and pseudorandom number generators (PRNGs), and let a mode derive both ciphertext and tag material from one primitive call. Two caveats apply in practice: resistance to side-channel attacks is a property of the implementation of the underlying block cipher, not of the forkcipher construction itself, and a proof in the Ideal Cipher Model bounds generic attacks but does not replace cryptanalysis of the concrete block cipher used to instantiate the design.
The paper's case for forkciphers is the trade-off between efficiency and security for short messages, the regime where the fixed per-message cost of standard modes dominates. The same trade-off applies wherever short authenticated messages are encrypted at volume, whether on constrained devices or in cloud services.