报告名称：TNT: How to Tweak a Block Cipher

主办单位：数学与统计学学院

报告专家：郭淳

专家所在单位：山东大学

报告时间：2020年6月4日14:30

报告地点：腾讯会议，ID:258 634 806，密码：402402

专家简介：郭淳，山东大学网络空间安全学院教授、博士生导师。博士2017年1月于中国科学院信息工程研究所取得博士学位，师从林东岱研究员；2017年9月至2019年8月在比利时天主教鲁汶大学（法语）从事博士后工作，合作导师François-Xavier Standaert；2019年8月获评山东大学齐鲁青年学者。一直从事对称密码系统设计与可证明安全的研究工作，重点围绕分组密码结构的可证明安全、对称密码工作模式理论与应用、抗泄漏安全性等研究方向，迄今在S&P、美密会、欧密会、亚密会、IEEE IT等会议和期刊发表论文21篇。

报告摘要：This talk is about our EUROCRYPT 2020 paper "TNT: How to Tweak a Block Cipher", though we'll elaborate more on the background of tweakable block ciphers. In that paper, we propose Tweak-aNd-Tweak (TNT for short) mode, which builds a tweakable block cipher from three independent block ciphers. TNT deals with tweak input by simply XOR-ing the original form of tweak into the internal state of block ciphers twice. Due to its simplicity, TNT can also be viewed as a way of turning a block cipher into a tweakable block cipher by dividing the block cipher into three chunks, and adding the tweak at the two cutting points only. TNT is proven to be of beyond-birthday-bound 22n/3 security, under the assumption that thethree chunks are independent secure PRPs. It clearly brings minimum possible overhead to both software and hardware implementations. To demonstrate this, an instantiation named TNT-AES with 5, 6, 5 rounds of AES as the underlying block ciphers is proposed. Besides the inherent proven security bound and tweak independent re-key feature from TNT mode, TNT-AES also enjoys performances comparable with all existing TBCs designed through modular methods..

邀请人：向泽军