In general, encryption is the process of encoding information so that only authorized parties, and not third parties, can read the information. In an encryption scheme, the information (referred to as plaintext) is encrypted using an encryption algorithm, turning it into an unreadable ciphertext. An authorized party is able to decode the ciphertext using a decryption algorithm. In computer systems, encryption algorithms encrypt binary values (that is, bits) of information.
A block cipher is an encryption algorithm operating on a fixed-length block of bits. An n-bit block cipher encrypts a block of n bits, producing n bits of ciphertext. Block ciphers are widely used, and there are many efficient implementations of block ciphers. A block cipher uses an encryption key. The security of a block cipher is understood to degrade as the number of blocks encrypted under a particular key increases. While changing the key to a block cipher is not difficult in itself, in several important applications the frequent generation and distribution of new block cipher keys is infeasible.
A tweakable block cipher (“TBC”) is a generalization of a block cipher. An n-character TBC {tilde over (E)} is a family of permutations over Σn, where each permutation in the TBC is associated with a key and a tweak. Often, Σ={0,1}, in which case the TBC can be termed an n-bit TBC {tilde over (E)}.) For an input string, the key and tweak together specify the permutation of the input string that is produced by the TBC. In typical usage, the key is secret and fixed across many calls to the TBC, while the tweak is not secret and may change from call to call. This supports variability in the behavior of the TBC by changing values of the tweak, even though the key is fixed. If changing values of the tweak is sufficiently simple (compared to the process of key setup and update), using a TBC can be an efficient way to expand the volume of data that is securely encrypted with a block cipher. Using TBCs can simplify designing and analyzing algorithms (e.g., algorithms that can safely handle large volumes of data) A TBC may be useful when the volume of data to be encrypted is very large, compared to the available key material, and changing the block cipher key is not desirable or feasible. Even in applications in which the volume of data to be processed is not overly large, the tweak input can empower useful features in practical applications, such as using a TBC with a fixed key across several cryptographic uses, or across multiple users.
A tweakable cipher, sometimes called a tweakable enciphering scheme or large-block cipher, is an extension of a TBC to the variable-input-length (“VIL”) setting. Generally, a VIL tweakable cipher (“VILTC”) is a family of length-preserving permutations, producing ciphertext output with the same length as the plaintext input. One common approach to implementing VILTCs has been to construct a VILTC primitive from an underlying n-bit block cipher, sometimes in conjunction with one or more hashing operations. VILTCs constructed according to this approach may not provide sufficient security guarantees for some important use case scenarios, in particular, when n is small (e.g., 64), or when the amount of data to be processed by a single key is very large.