Provable-Security Analysis of Authenticated Encryption Based on Lesamnta-LW in the Ideal Cipher Model


Bibliographic Details
Published in IEICE Transactions on Information and Systems, Vol. E104.D, no. 11, pp. 1894-1901
Main Authors HIROSE, Shoichi; KUWAKADO, Hidenori; YOSHIDA, Hirotaka
Format Journal Article
Language English
Published Tokyo, The Institute of Electronics, Information and Communication Engineers, 01.11.2021 (distributed via Japan Science and Technology Agency)

Abstract Hirose, Kuwakado and Yoshida proposed a nonce-based authenticated encryption scheme Lae0 based on Lesamnta-LW in 2019. Lesamnta-LW is a block-cipher-based iterated hash function included in the ISO/IEC 29192-5 lightweight hash-function standard. They also showed that Lae0 satisfies both privacy and authenticity if the underlying block cipher is a pseudorandom permutation. Unfortunately, their result implies only about 64-bit security for instantiation with the dedicated block cipher of Lesamnta-LW. In this paper, we analyze the security of Lae0 in the ideal cipher model. Our result implies about 120-bit security for instantiation with the block cipher of Lesamnta-LW.
ArticleNumber 2021NGP0008
Author HIROSE, Shoichi (Faculty of Engineering, University of Fukui)
KUWAKADO, Hidenori (Faculty of Informatics, Kansai University)
YOSHIDA, Hirotaka (National Institute of Advanced Industrial Science and Technology)
CitedBy 10.1002/spy2.304
ContentType Journal Article
Copyright 2021 The Institute of Electronics, Information and Communication Engineers
Copyright Japan Science and Technology Agency 2021
DOI 10.1587/transinf.2021NGP0008
Discipline Engineering
Computer Science
EISSN 1745-1361
EndPage 1901
ISSN 0916-8532
IsDoiOpenAccess true
IsOpenAccess true
IsPeerReviewed true
IsScholarly true
Issue 11
Language English
OpenAccessLink https://www.jstage.jst.go.jp/article/transinf/E104.D/11/E104.D_2021NGP0008/_article/-char/en
PageCount 8
PublicationDate 2021-11-01
PublicationPlace Tokyo
PublicationTitle IEICE Transactions on Information and Systems
PublicationTitleAlternate IEICE Trans. Inf. & Syst.
PublicationYear 2021
Publisher The Institute of Electronics, Information and Communication Engineers
Japan Science and Technology Agency
References [1] FIPS PUB 197, “Advanced encryption standard (AES),” 2001.
[2] G. Bertoni, J. Daemen, M. Peeters, and G. Van Assche, “Duplexing the sponge: Single-pass authenticated encryption and other applications,” SAC 2011, ed. A. Miri and S. Vaudenay, Lect. Notes Comput. Sci., vol.7118, pp.320-337, Springer, 2011. 10.1007/978-3-642-28496-0_19
[3] G. Bertoni, J. Daemen, M. Peeters, and G. Van Assche, “Sponge functions,” ECRYPT Hash Workshop, 2007.
[4] G. Bertoni, J. Daemen, M. Peeters, and G. Van Assche, “The KECCAK sponge function family,” 2008. http://keccak.noekeon.org.
[5] FIPS PUB 202, “SHA-3 standard: Permutation-based hash and extendable-output functions,” 2015. 10.6028/nist.fips.202
[6] ISO/IEC 29192-5, “Information technology - Security techniques - Lightweight cryptography - Part 5: Hash-functions,” 2016. 10.3403/30311323
[7] J. Guo, T. Peyrin, and A. Poschmann, “The PHOTON family of lightweight hash functions,” CRYPTO 2011, ed. P. Rogaway, Lect. Notes Comput. Sci., vol.6841, pp.222-239, Springer, 2011. 10.1007/978-3-642-22792-9_13
[8] A. Bogdanov, M. Knežević, G. Leander, D. Toz, K. Varici, and I. Verbauwhede, “SPONGENT: A lightweight hash function,” CHES 2011, ed. B. Preneel and T. Takagi, Lect. Notes Comput. Sci., vol.6917, pp.312-325, Springer, 2011. 10.1007/978-3-642-23951-9_21
[9] S. Hirose, K. Ideguchi, H. Kuwakado, T. Owada, B. Preneel, and H. Yoshida, “An AES based 256-bit hash function for lightweight applications: Lesamnta-LW,” IEICE Trans. Fundamentals, vol.E95-A, no.1, pp.89-99, Jan. 2012. 10.1587/transfun.E95.A.89
[10] I. Damgård, “A design principle for hash functions,” in Brassard [30], pp.416-427, Springer, 1990. 10.1007/0-387-34805-0_39
[11] R.C. Merkle, “One way hash functions and DES,” in Brassard [30], pp.428-446, Springer, 1990. 10.1007/0-387-34805-0_40
[12] S. Hirose, H. Kuwakado, and H. Yoshida, “Authenticated encryption based on Lesamnta-LW hashing mode,” ICISC 2019, ed. J.H. Seo, Lect. Notes Comput. Sci., vol.11975, pp.52-69, Springer, 2019. 10.1007/978-3-030-40921-0_3
[13] J. Katz and M. Yung, “Complete characterization of security notions for probabilistic private-key encryption,” Proc. Thirty-Second Annual ACM Symposium on Theory of Computing, pp.245-254, May 2000. 10.1145/335305.335335
[14] M. Bellare and C. Namprempre, “Authenticated encryption: Relations among notions and analysis of the generic composition paradigm,” ASIACRYPT 2000, ed. T. Okamoto, Lect. Notes Comput. Sci., vol.1976, pp.531-545, Springer, 2000. 10.1007/3-540-44448-3_41
[15] C.S. Jutla, “Encryption modes with almost free message integrity,” EUROCRYPT 2001, ed. B. Pfitzmann, Lect. Notes Comput. Sci., vol.2045, pp.529-544, Springer, 2001. 10.1007/3-540-44987-6_32
[16] P. Rogaway, M. Bellare, J. Black, and T. Krovetz, “OCB: A block-cipher mode of operation for efficient authenticated encryption,” ACM Conference on Computer and Communications Security, pp.196-205, Nov. 2001. 10.1145/501983.502011
[17] NIST Special Publication 800-38C, “Recommendation for block cipher modes of operation: The CCM mode for authentication and confidentiality,” 2004. 10.6028/nist.sp.800-38c
[18] NIST Special Publication 800-38D, “Recommendation for block cipher modes of operation: Galois/Counter Mode (GCM) and GMAC,” 2007. 10.6028/nist.sp.800-38d
[19] ISO/IEC 19772, “Information technology - Security techniques - Authenticated encryption,” 2009. 10.3403/30105117
[20] S. Cogliani, D. Maimut, D. Naccache, R.P. do Canto, R. Reyhanitabar, S. Vaudenay, and D. Vizár, “OMD: A compression function mode of operation for authenticated encryption,” SAC 2014, ed. A. Joux and A.M. Youssef, Lect. Notes Comput. Sci., vol.8781, pp.112-128, Springer, 2014. 10.1007/978-3-319-13051-4_7
[21] FIPS PUB 180-4, “Secure hash standard (SHS),” Aug. 2015. 10.6028/nist.fips.180-4
[22] P. Rogaway, “Nonce-based symmetric encryption,” FSE 2004, ed. B.K. Roy and W. Meier, Lect. Notes Comput. Sci., vol.3017, pp.348-359, Springer, 2004. 10.1007/978-3-540-25937-4_22
[23] C. Namprempre, P. Rogaway, and T. Shrimpton, “Reconsidering generic composition,” EUROCRYPT 2014, ed. P.Q. Nguyen and E. Oswald, Lect. Notes Comput. Sci., vol.8441, pp.257-274, Springer, 2014. 10.1007/978-3-642-55220-5_15
[24] P. Rogaway and T. Shrimpton, “A provable-security treatment of the key-wrap problem,” EUROCRYPT 2006, ed. S. Vaudenay, Lect. Notes Comput. Sci., vol.4004, pp.373-390, Springer, 2006. 10.1007/11761679_23
[25] E. Andreeva, A. Bogdanov, A. Luykx, B. Mennink, N. Mouha, and K. Yasuda, “How to securely release unverified plaintext in authenticated encryption,” ASIACRYPT 2014, ed. P. Sarkar and T. Iwata, Lect. Notes Comput. Sci., vol.8873, pp.105-125, Springer, 2014. 10.1007/978-3-662-45611-8_6
[26] V.T. Hoang, T. Krovetz, and P. Rogaway, “Robust authenticated-encryption AEZ and the problem that it solves,” EUROCRYPT 2015, ed. E. Oswald and M. Fischlin, Lect. Notes Comput. Sci., vol.9056, pp.15-44, Springer, 2015. 10.1007/978-3-662-46800-5_2
[27] S. Hirose, Y. Sasaki, and H. Yoshida, “Lesamnta-LW revisited: Improved security analysis of primitive and new PRF mode,” ACNS 2020, ed. M. Conti, J. Zhou, E. Casalicchio, and A. Spognardi, Lect. Notes Comput. Sci., vol.12146, pp.89-109, Springer, 2020. 10.1007/978-3-030-57808-4_5
[28] R. Shiba, K. Sakamoto, F. Liu, K. Minematsu, and T. Isobe, “Integral and impossible differential attacks on the reduced-round Lesamnta-LW-BC,” The 38th Symposium on Cryptography and Information Security, 1B1-2, 2021.
[29] R. Motwani and P. Raghavan, Randomized Algorithms, Cambridge University Press, 1995. 10.1017/CBO9780511814075
[30] G. Brassard, ed., Advances in Cryptology - CRYPTO '89, Lect. Notes Comput. Sci., vol.435, Springer, 1990. 10.1007/0-387-34805-0
StartPage 1894
SubjectTerms Algorithms
authenticated encryption
Authentication
Encryption
hash function
ideal cipher model
Lesamnta-LW
Permutations
Pseudorandom
Security
URI https://www.jstage.jst.go.jp/article/transinf/E104.D/11/E104.D_2021NGP0008/_article/-char/en
https://www.proquest.com/docview/2591399673
Volume E104.D