Team for Research in
Ubiquitous Secure Technology

Tweakable Block Ciphers
Moses Liskov, Ronald L. Rivest, David Wagner

Citation
Moses Liskov, Ronald L. Rivest, David Wagner. "Tweakable Block Ciphers". Journal of Cryptology, 24(3), July 2011.

Abstract
We propose a new cryptographic primitive, the "tweakable block cipher." Such a cipher has not only the usual inputs - message and cryptographic key - but also a third input, the "tweak." The tweak serves much the same purpose that an initialization vector does for CBC mode or that a nonce does for OCB mode. Our proposal thus brings this feature down to the primitive block-cipher level, instead of incorporating it only at the higher modes-of-operation levels. We suggest that (1) tweakable block ciphers are easy to design, (2) the extra cost of making a block cipher "tweakable" is small, and (3) it is easier to design and prove modes of operation based on tweakable block ciphers.

Electronic downloads

Citation formats  
  • HTML 
    Moses Liskov, Ronald L. Rivest, David Wagner. <a
href="http://www.truststc.org/pubs/849.html"
>Tweakable Block Ciphers</a>, <i>Journal of
Cryptology</i>, 24(3), July 2011.
  • Plain text 
    Moses Liskov, Ronald L. Rivest, David Wagner.
"Tweakable Block Ciphers". <i>Journal of
Cryptology</i>, 24(3), July 2011.
  • BibTeX 
    @article{LiskovRivestWagner11_TweakableBlockCiphers,
    author = {Moses Liskov and Ronald L. Rivest and David Wagner},
    title = {Tweakable Block Ciphers},
    journal = {Journal of Cryptology},
    volume = {24},
    number = {3},
    month = {July},
    year = {2011},
    abstract = {We propose a new cryptographic primitive, the
              "tweakable block cipher." Such a cipher has not
              only the usual inputs - message and cryptographic
              key - but also a third input, the "tweak." The
              tweak serves much the same purpose that an
              initialization vector does for CBC mode or that a
              nonce does for OCB mode. Our proposal thus brings
              this feature down to the primitive block-cipher
              level, instead of incorporating it only at the
              higher modes-of-operation levels. We suggest that
              (1) tweakable block ciphers are easy to design,
              (2) the extra cost of making a block cipher
              "tweakable" is small, and (3) it is easier to
              design and prove modes of operation based on
              tweakable block ciphers.},
    URL = {http://www.truststc.org/pubs/849.html}
}

Posted by Mary Stewart on 4 Apr 2012.
For additional information, see the Publications FAQ or contact webmaster at www truststc org.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.