## Efficient Instantiations of Tweakable Blockciphers and Refinements to Modes OCB and PMAC (2003)

### BibTeX

@MISC{03efficientinstantiations,
    author = {},
    title = {Efficient Instantiations of Tweakable Blockciphers and Refinements to Modes OCB and PMAC},
    year = {2003}
}

### Abstract

We describe highly efficient constructions, XE and XEX, that turn a blockcipher $E: \mathcal{K} \times \{0,1\}^n \to \{0,1\}^n$ into a tweakable blockcipher $\widetilde{E}: \mathcal{K} \times \mathcal{T} \times \{0,1\}^n \to \{0,1\}^n$ having tweak space $\mathcal{T} = \{0,1\}^n \times \mathcal{I}$, where $\mathcal{I}$ is a set of tuples of integers such as $\mathcal{I} = [1..2^{n/2}] \times [0..10]$. When tweak $T$ is obtained from tweak $S$ by incrementing one of its numerical components, the cost to compute $\widetilde{E}_K^T(M)$ having already computed some $\widetilde{E}_K^S(M')$ is one blockcipher call plus a small and constant number of elementary machine operations. Our constructions work by associating to the $i$th coordinate of $\mathcal{I}$ a "small" element $\alpha_i \in \mathbb{F}_{2^n}^*$ and multiplying by $\alpha_i$ when one increments that component of the tweak. We illustrate the use of this approach by refining the authenticated-encryption scheme OCB and the message authentication code PMAC, yielding variants of these algorithms, OCB1 and PMAC1, that are simpler and faster than the original schemes, and yet have simpler proofs. Our results bolster the thesis of Liskov, Rivest, and Wagner [12] that a desirable approach for designing modes of operation is to start from a tweakable blockcipher. We elaborate on their idea, suggesting the kind of tweak space, usage-discipline, and blockcipher-based instantiations that give rise to simple and efficient modes of operation of a conventional blockcipher.

Key words: authenticated encryption, modes of operation, OCB, PMAC, provable security, tweakable blockciphers.