02.06.2025
Tweakable enciphering modes and their Committing Security
Abstract
A tweakable enciphering mode (TEM) is a cryptographic primitive that provides length-preserving encryption. In 2024, the National Institute of Standards and Technology (NIST) issued the Accordion call to standardize future-proof TEMs. TEMs serve as building blocks for various modes of operation, including authenticated encryption (AE), deterministic AE (DAE) and disk encryption. NIST has identified context commitment (CMT-4) as an important security objective for TEMs when used in AE/DAE.
We will start the talk by discussing the challenges of CMT-4 secure TEMs. In particular, we show that many existing TEMs, such as HCTR2 and Adiantum, fail to achieve CMT-4. We discuss different approaches to remedy the situation, and conclude our talk by proposing novel TEM designs, which are the first to achieve provable CMT-4 security.