Systematic Security Analysis of Stream Encryption With Key Erasure


Bibliographic Details
Published in: IEEE Transactions on Information Theory, 2021-11, Vol. 67 (11), pp. 7518-7534
Main Authors: Chen, Yu Long, Luykx, Atul, Mennink, Bart, Preneel, Bart
Format: Article
Language:English
Description
Summary: We consider a generalized construction of stream ciphers with forward security. The design framework is modular: it is built from a so-called layer function that updates the key and (optionally) the nonce and generates a new pseudorandom output stream. We analyze the generalized construction for four different instantiations: two possible layer functions that are in turn instantiated with either a block cipher or a pseudorandom function. We prove that each of these instantiations gives a stream cipher that is pseudorandom and forward secure in the multi-user setting with a very tight bound. A comprehensive analysis shows that the two block cipher based instantiations achieve very similar bounds. For the pseudorandom function based instantiations there is no clear winner: either layer can be beneficial over the other one, depending on the choice of parameters. By instantiating the pseudorandom function with a generic construction such as the sum of permutations, we obtain a highly efficient and competitive stream cipher based on an $n$-bit block cipher that is secure beyond the $2^{n/2}$ birthday bound.
ISSN: 0018-9448, 1557-9654
DOI: 10.1109/TIT.2021.3109302
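The following is an added illustration of the layer-function framework described in the abstract, written for this record; it is not code from the paper or its authors. The layer function here maps the current key (and a nonce plus layer index) to a fresh key and one block of keystream, and the old key is overwritten before the next block is produced, which is what gives forward security under state compromise. Assumptions not taken from the abstract: the PRF inside the layer is HMAC-SHA256 (a standard-library stand-in for the paper's block-cipher and sum-of-permutations instantiations, chosen so the example runs offline), the two PRF calls are separated by one-byte labels, keys are 32 bytes, and each `process` call consumes whole layers so sender and receiver must segment messages identically. The demo key, nonce and messages are constructed for the example.

```python
import hashlib
import hmac
from typing import Dict, Tuple

KEY_LEN = 32      # key size in bytes (assumed for this example)
BLOCK_LEN = 32    # keystream bytes per layer = SHA-256 output length


def prf(key: bytes, msg: bytes) -> bytes:
    """PRF F used inside the layer function.

    HMAC-SHA256 is a stand-in so the example runs with the standard library;
    the paper instantiates F with a block cipher or a PRF such as the sum of
    permutations. Any secure PRF with a 32-byte output fits this slot.
    """
    return hmac.new(key, msg, hashlib.sha256).digest()


def layer(key: bytes, nonce: bytes, index: int) -> Tuple[bytes, bytes]:
    """One layer: map (K_i, N, i) to (K_{i+1}, Z_i).

    Two PRF calls under distinct one-byte labels (assumed domain separation)
    keep the next key and the keystream block independent. Folding the layer
    index into the PRF input models the framework's optional nonce update.
    """
    ctr = index.to_bytes(8, "big")
    next_key = prf(key, b"\x00" + nonce + ctr)
    keystream = prf(key, b"\x01" + nonce + ctr)
    return next_key, keystream


class ForwardSecureStream:
    """Stream cipher with key erasure: after every layer the old key is
    overwritten, so a compromised state only reveals future keystream."""

    def __init__(self, key: bytes, nonce: bytes, index: int = 0) -> None:
        if len(key) != KEY_LEN:
            raise ValueError("key must be %d bytes" % KEY_LEN)
        self._key = bytearray(key)
        self._nonce = nonce
        self.index = index

    def _advance(self) -> bytes:
        next_key, keystream = layer(bytes(self._key), self._nonce, self.index)
        # Key erasure: zero the old key material in place, then install K_{i+1}.
        for i in range(KEY_LEN):
            self._key[i] = 0
        self._key[:] = next_key
        self.index += 1
        return keystream

    def process(self, data: bytes) -> bytes:
        """Encrypt or decrypt (XOR is its own inverse). Each call consumes whole
        layers; unused keystream bytes at the end are discarded, so sender and
        receiver must segment the stream into the same messages."""
        out = bytearray()
        for off in range(0, len(data), BLOCK_LEN):
            chunk = data[off:off + BLOCK_LEN]
            ks = self._advance()
            out.extend(b ^ k for b, k in zip(chunk, ks))
        return bytes(out)

    def leak_state(self) -> Tuple[bytes, bytes, int]:
        """Model of a state compromise: everything an attacker obtains."""
        return bytes(self._key), self._nonce, self.index


def demo() -> Dict[str, object]:
    """Constructed sample run; returns the values a reader can check."""
    key = bytes(range(KEY_LEN))          # constructed demo key, not a secret
    nonce = b"example-nonce-01"          # constructed demo nonce
    m1 = b"first message, sent before the compromise"
    m2 = b"second message, sent after the compromise"

    sender = ForwardSecureStream(key, nonce)
    c1 = sender.process(m1)
    leaked = sender.leak_state()         # attacker captures the state here
    c2 = sender.process(m2)

    receiver = ForwardSecureStream(key, nonce)
    p1 = receiver.process(c1)
    p2 = receiver.process(c2)

    # With the leaked state the attacker can only move forward: the key that
    # produced c1 has been erased, so rewinding the index yields garbage.
    attacker_p2 = ForwardSecureStream(*leaked).process(c2)
    attacker_p1 = ForwardSecureStream(leaked[0], leaked[1], 0).process(c1)

    return {
        "p1": p1,
        "p2": p2,
        "attacker_p2": attacker_p2,
        "attacker_p1": attacker_p1,
        "key_erased": bytes(sender._key) != key,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The point of `leak_state` is to make the forward-security claim concrete: everything after the compromise point (`attacker_p2`) is lost, but the earlier message (`attacker_p1`) is not recoverable from the leaked state because its key was overwritten in `_advance`. In a real deployment the zeroing would need to reach the actual memory (Python's `bytearray` is the closest the language offers), and the PRF would be the block-cipher-based instantiation the paper analyzes rather than HMAC.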