Cryptanalysis of OCB2: the attacks and the story behind
I will talk about OCB2, an authenticated encryption (AE) mode of operation proposed in 2004. It is a very popular scheme thanks to its innovative design: the tweakable block cipher-based modular architecture of OCB2 influenced countless subsequent schemes. However, our paper presented at CRYPTO 2019 showed that it is completely broken with a negligible amount of computation. In addition to describing our attacks, I will tell a bit more about the story behind this break, how it started and how it evolved, hoping that it contributes to our understanding of practical provable security.
Kazuhiko Minematsu received his B.E., M.E. and Dr.S. degrees from Waseda University in 1996, 1998, and 2008. He joined NEC in 1998 and now works there as a Research Fellow in the field of symmetric-key cryptography and its application systems. He received Best Paper awards from IACR at FSE 2015 and CRYPTO 2019.
Tweakable Block Cipher-Based Cryptography
A tweakable block cipher (TBC) is essentially a block cipher with an extra input, the tweak, which selects one permutation from a family of keyed permutations. Since their first formalization by Liskov et al. at CRYPTO 2012, TBCs have gained popularity because they can easily instantiate beyond-birthday-bound modes of operation. In particular, these modes are potentially very attractive for lightweight cryptography, where it is crucial to reach the highest possible security with the smallest possible state. In this talk, we will review the latest advances in tweakable block ciphers. First, we will recall how to design TBCs from an existing primitive or from scratch. Then, using the example of lightweight authenticated encryption, we will study why TBCs are very competitive primitives in that scenario. Finally, we will exhibit other possible future usages of TBCs. Throughout the talk, we will try to identify several possibly interesting open research problems.
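To make the definition concrete, here is the LRW construction of Liskov et al. for turning an ordinary block cipher into a tweakable one: the tweak T is hashed with an AXU hash h(T) = H * T in GF(2^128), and the tweakable cipher is E_K(M xor h(T)) xor h(T). This is an added worked example, not code from the talk or its speakers. The underlying block cipher is a constructed 4-round Feistel toy (Luby-Rackoff style, with a SHA-256-based round function) standing in for a real primitive such as AES, and all key and message values are constructed for the demo.

```python
import hashlib

BLOCK = 16          # 128-bit block
ROUNDS = 4          # 4-round Feistel gives an invertible permutation; a toy, not a real cipher
MASK128 = (1 << 128) - 1


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round_fn(key: bytes, i: int, half: bytes) -> bytes:
    # Keyed round function: 64-bit truncation of SHA-256 over (key, round index, input half).
    return hashlib.sha256(key + bytes([i]) + half).digest()[:8]


def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    """Constructed toy block cipher E_K (4-round Feistel); any real block cipher could replace it."""
    assert len(block) == BLOCK
    l, r = block[:8], block[8:]
    for i in range(ROUNDS):
        l, r = r, _xor(l, _round_fn(key, i, r))
    return l + r


def toy_block_decrypt(key: bytes, block: bytes) -> bytes:
    """Inverse of toy_block_encrypt: undo the Feistel rounds in reverse order."""
    assert len(block) == BLOCK
    l, r = block[:8], block[8:]
    for i in reversed(range(ROUNDS)):
        l, r = _xor(r, _round_fn(key, i, l)), l
    return l + r


def gf128_mul(a: int, b: int) -> int:
    """Multiply in GF(2^128) modulo x^128 + x^7 + x^2 + x + 1 (bit k of an int = coefficient of x^k)."""
    r = 0
    for i in range(128):
        if (b >> i) & 1:
            r ^= a
        carry = a >> 127
        a = (a << 1) & MASK128
        if carry:
            a ^= 0x87        # reduce x^128 -> x^7 + x^2 + x + 1
    return r


def lrw_delta(h_key: bytes, tweak: bytes) -> bytes:
    """AXU hash of the tweak: h(T) = H * T in GF(2^128). H must be non-zero, else every tweak maps to 0."""
    assert len(tweak) == BLOCK
    h = int.from_bytes(h_key, "big")
    assert h != 0, "hash key must be non-zero"
    t = int.from_bytes(tweak, "big")
    return gf128_mul(h, t).to_bytes(BLOCK, "big")


def tbc_encrypt(key: bytes, h_key: bytes, tweak: bytes, block: bytes) -> bytes:
    """LRW tweakable encryption: E~_{K,H}(T, M) = E_K(M xor h(T)) xor h(T)."""
    delta = lrw_delta(h_key, tweak)
    return _xor(toy_block_encrypt(key, _xor(block, delta)), delta)


def tbc_decrypt(key: bytes, h_key: bytes, tweak: bytes, block: bytes) -> bytes:
    """LRW tweakable decryption: D~_{K,H}(T, C) = D_K(C xor h(T)) xor h(T)."""
    delta = lrw_delta(h_key, tweak)
    return _xor(toy_block_decrypt(key, _xor(block, delta)), delta)


# Constructed demo values (not from any real deployment or the talk).
KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
H_KEY = bytes.fromhex("fedcba9876543210fedcba9876543210")
MSG = b"sixteen byte msg"


def demo() -> dict:
    """Same key and message under two tweaks (e.g. two block indices) give unrelated ciphertexts."""
    t1 = (1).to_bytes(BLOCK, "big")
    t2 = (2).to_bytes(BLOCK, "big")
    c1 = tbc_encrypt(KEY, H_KEY, t1, MSG)
    c2 = tbc_encrypt(KEY, H_KEY, t2, MSG)
    return {
        "c1": c1,
        "c2": c2,
        "roundtrip": tbc_decrypt(KEY, H_KEY, t1, c1),     # == MSG
        "wrong_tweak": tbc_decrypt(KEY, H_KEY, t2, c1),   # != MSG: tweak selects a different permutation
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value.hex())
```

The tweak is public, only the two keys K and H are secret; a mode such as OCB derives the tweak from the nonce and block index, which is how one key yields an independent-looking permutation per block. The `gf128_mul` here uses the plain polynomial-basis bit order, not the reflected order used by GCM, so its outputs are not interchangeable with GHASH multiplications.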
Thomas Peyrin received his engineering M.S. in 2004 from CPE Lyon and specialized in theoretical computer science at the Ecole Polytechnique in France. In 2008 he completed a doctorate in cryptography at Orange Labs, formerly known as France Telecom, during which he was awarded the Japan Society for the Promotion of Science (JSPS) grant. He previously worked as a Cryptography Expert at Ingenico (the world leader in payment solutions) and as a Research Fellow at the School of Physical and Mathematical Sciences of Nanyang Technological University in Singapore under the Singapore Lee Kuan Yew Postdoctoral Fellowship. He was appointed Nanyang Assistant Professor in 2012 under the Singapore NRF fellowship, and Associate Professor at NTU in 2017.
His favorite research topic is symmetric-key cryptography, in particular hash functions, block ciphers and cryptanalysis. He is also interested in lightweight cryptography, aimed at very constrained environments. Notably, he is one of the designers of LED, GIFT, SKINNY and PHOTON (ISO standard), currently some of the smallest known symmetric-key cryptographic primitives. He was involved in the NIST SHA-3 competition as one of the main designers of the candidate ECHO, which was selected for the second round of the process. He also proposed BPS (NIST and ANSI standard), a format-preserving encryption scheme that helps, for example, to secure credit card transactions. He is a co-designer of the Deoxys algorithm for authenticated encryption, which was selected as a finalist in the CAESAR competition for authenticated encryption primitives.