Optimality of Tweak Functions in CLOC


IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences   Vol.E98-A   No.10   pp.2152-2164
Publication Date: 2015/10/01
Online ISSN: 1745-1337
DOI: 10.1587/transfun.E98.A.2152
Type of Manuscript: PAPER
Category: Cryptography and Information Security
authenticated encryption scheme,  CLOC,  tweak functions,  optimality,  CAESAR competition,  

Full Text: PDF(1.1MB)>>
Buy this Article

An Authenticated Encryption scheme is used to guarantee both privacy and authenticity of digital data. At FSE 2014, an authenticated encryption scheme called CLOC was proposed. CLOC is designed to handle short input data efficiently without needing heavy precomputation nor large memory. This is achieved by making various cases of different treatments in the encryption process depending on the input data. Five tweak functions are used to handle the conditional branches, and they are designed to satisfy 55 differential probability constraints, which are used in the security proof of CLOC. In this paper, we show that all these 55 constraints are necessary. This shows the design optimality of the tweak functions in CLOC in that the constraints cannot be relaxed, and hence the specification of the tweak functions cannot be simplified.