Team for Research in
Ubiquitous Secure Technology

Tweakable Block Ciphers
Moses Liskov, Ronald L. Rivest, David Wagner

Citation
Moses Liskov, Ronald L. Rivest, David Wagner. "Tweakable Block Ciphers". Journal of Cryptology, 24(3), July 2011.

Abstract
We propose a new cryptographic primitive, the "tweakable block cipher." Such a cipher has not only the usual inputs - message and cryptographic key - but also a third input, the "tweak." The tweak serves much the same purpose that an initialization vector does for CBC mode or that a nonce does for OCB mode. Our proposal thus brings this feature down to the primitive block-cipher level, instead of incorporating it only at the higher modes-of-operation levels. We suggest that (1) tweakable block ciphers are easy to design, (2) the extra cost of making a block cipher "tweakable" is small, and (3) it is easier to design and prove modes of operation based on tweakable block ciphers.

Citation formats  
  • HTML
    Moses Liskov, Ronald L. Rivest, David Wagner. <a
    href="http://www.truststc.org/pubs/849.html"
    >Tweakable Block Ciphers</a>, <i>Journal of
    Cryptology</i>, 24(3), July 2011.
  • Plain text
    Moses Liskov, Ronald L. Rivest, David Wagner.
    "Tweakable Block Ciphers". Journal of
    Cryptology, 24(3), July 2011.
  • BibTeX
    @article{LiskovRivestWagner11_TweakableBlockCiphers,
        author = {Moses Liskov and Ronald L. Rivest and David Wagner},
        title = {Tweakable Block Ciphers},
        journal = {Journal of Cryptology},
        volume = {24},
        number = {3},
        month = {July},
        year = {2011},
        abstract = {We propose a new cryptographic primitive, the
                  "tweakable block cipher." Such a cipher has not
                  only the usual inputs - message and cryptographic
                  key - but also a third input, the "tweak." The
                  tweak serves much the same purpose that an
                  initialization vector does for CBC mode or that a
                  nonce does for OCB mode. Our proposal thus brings
                  this feature down to the primitive block-cipher
                  level, instead of incorporating it only at the
                  higher modes-of-operation levels. We suggest that
                  (1) tweakable block ciphers are easy to design,
                  (2) the extra cost of making a block cipher
                  "tweakable" is small, and (3) it is easier to
                  design and prove modes of operation based on
                  tweakable block ciphers.},
        URL = {http://www.truststc.org/pubs/849.html}
    }
    

Posted by Mary Stewart on 4 Apr 2012.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.