All Change in Block Ciphers: A View From The Deck

From the research team that brought you Keccak (aka SHA-3), Băcuieți et al. bring you deck functions [here]:


Block ciphers are generally hard cryptography. We generally process our data in blocks of 64 or 128 bytes, and then shuffle and scramble the bytes, and do this over a number of rounds. The random permutation is then achieved using the key. Formal proof becomes difficult because of the complexity of the operations.

The team previously presented Keccak, which supports the squeezing of data into a sponge that holds a given state value. This moves away from the traditional block approach. The paper presents the usage of deck functions. These are keyed functions that accept input of any size and produce output of any length. With a keyed function, we change the operation of the function dependent on an applied key:

O = F_K (D_1; D_2; … D_N)

In this case, we have a function F_K which has a key applied (K), and then processes a number of inputs (D_1; D_2; … D_N) to produce an output (O). Overall, it is a simpler approach, and allows for improved security proofs, and simpler ways of integrating authenticated encryption (AE):

The five ciphers defined include Deck-PLAIN, Deck-BOREE and Deck-JAMBOREE. Here is the presentation of the paper at Asiacrypt 2022:

Farfalle is one example of a deck function:

Instances of usable code are available for Xoofff and Kravatte [here]. Overall, we end up with a cipher structure that looks very much like a Feistel network structure (as used with DES and 3DES):

Conclusions

There are several interesting properties to the creation of the ciphers, including the ability to incrementally update a cipher, but also to roll back to previous states. This is useful in creating intermediate tags in the encryption process and can provide proof of processing. It also allows for the interlocking of messages sent between two hosts involved in a session.
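
To make the keyed function O = F_K (D_1; D_2; … D_N) and the session properties above concrete, here is an added example (not code from the paper or from the Xoofff/Kravatte implementations). It assumes a stand-in deck function built from SHAKE256 over a length-prefixed string sequence, and a simplified session scheme that is not one of the paper's modes; the names `toy_deck`, `absorb` and `Session` are hypothetical.

```python
import hashlib
import hmac

TAG_LEN = 16

def absorb(h, d: bytes) -> None:
    # The length prefix keeps (D_1; D_2) distinct from (D_1 || D_2).
    h.update(len(d).to_bytes(8, "big") + d)

def toy_deck(key: bytes, strings, n: int) -> bytes:
    """Stand-in for O = F_K(D_1; ...; D_N): SHAKE256 over key and strings."""
    h = hashlib.shake_256()
    for d in (key, *strings):
        absorb(h, d)
    return h.digest(n)

class Session:
    """Simplified session AE; the first `ad` must carry a nonce unique per key."""
    def __init__(self, key: bytes):
        self.h = hashlib.shake_256()
        absorb(self.h, key)

    def _step(self, ad, data, decrypt):
        absorb(self.h, b"A" + ad)
        ks = self.h.copy().digest(len(data))       # keystream depends on all history
        out = bytes(x ^ k for x, k in zip(data, ks))
        absorb(self.h, b"C" + (data if decrypt else out))  # absorb the ciphertext
        return out, self.h.copy().digest(TAG_LEN)  # intermediate tag over the session

    def wrap(self, ad, pt):
        return self._step(ad, pt, False)

    def unwrap(self, ad, ct, tag):
        saved = self.h.copy()                      # cheap snapshot of the state
        pt, expect = self._step(ad, ct, True)
        if hmac.compare_digest(tag, expect):
            return pt
        self.h = saved                             # roll back to the last good state
        return None

def demo():
    key = bytes(range(32))                         # constructed sample key
    alice, bob = Session(key), Session(key)
    c1, t1 = alice.wrap(b"nonce-0001", b"hello")   # constructed nonce and messages
    c2, t2 = alice.wrap(b"", b"world")
    early = bob.unwrap(b"", c2, t2)                # message 2 first: rejected
    return early, bob.unwrap(b"nonce-0001", c1, t1), bob.unwrap(b"", c2, t2)
```

Because each tag covers the whole history, the second message only verifies after the first has been accepted, and a failed check leaves the receiver's state exactly where it was.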