Cryptology ePrint Archive: Report 2007/028
HCH: A New Tweakable Enciphering Scheme Using the Hash-Counter-Hash Approach
Debrup Chakraborty and Palash Sarkar
Abstract: The notion of tweakable block ciphers was formally introduced by
Liskov-Rivest-Wagner at Crypto 2002. The extension and the first construction,
called CMC, of this notion to tweakable enciphering schemes which can handle
variable length messages was given by Halevi-Rogaway at Crypto 2003.
In this paper, we present HCH, which is a new construction of such a scheme.
The construction uses two universal hash computations with a counter mode
of encryption in between. This approach was first proposed by McGrew-Viega
to build a scheme called XCB and later used by Wang-Feng-Wu to obtain a
scheme called HCTR. Among the hash-Ctr-hash type constructions, an important
advantage of HCH compared to the others is that HCH has a quadratic security
bound; XCB does not provide any security bound, while HCTR has a cubic
security bound. A unique feature of HCH compared to all known tweakable
enciphering schemes is that HCH uses a single key, can handle arbitrary
length messages and has a quadratic security bound. An important application
of a tweakable enciphering scheme is disk encryption, and HCH is well suited
for this application. We also describe a variant which can utilize
pre-computation and makes one less block cipher call. This compares
favourably to other hash-encrypt-hash type constructions, supports better
key agility and requires less key material.
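As an added illustration of the hash-counter-hash structure the abstract describes (example code, not from the paper, and not the HCH specification, which the abstract does not reproduce): every component is derived from one master key, a toy Feistel block cipher stands in for AES, and the polynomial universal hash, the HMAC-based PRF and the key-derivation labels are assumptions of this example. Enciphering and deciphering share one code path; only the direction of the single block-cipher call changes.

```python
import hashlib, hmac

BLOCK = 16  # 128-bit block size, as for AES

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def prf(key: bytes, label: bytes, data: bytes) -> bytes:  # keyed PRF: HMAC-SHA256, 128-bit output
    return hmac.new(key, label + data, hashlib.sha256).digest()[:BLOCK]

def block_cipher(key: bytes, x: bytes, inverse: bool = False) -> bytes:
    """Toy 128-bit block cipher (4-round Feistel over prf); stand-in for AES, not for production."""
    l, r = x[:8], x[8:]
    for i in (range(3, -1, -1) if inverse else range(4)):
        f = lambda half: prf(key, b"round%d" % i, half)[:8]
        l, r = (xor(r, f(l)), l) if inverse else (r, xor(l, f(r)))
    return l + r

def gf_mul(a: int, b: int) -> int:
    """Multiplication in GF(2^128) modulo x^128 + x^7 + x^2 + x + 1."""
    r = 0
    for _ in range(128):
        r ^= a if b & 1 else 0
        b, a = b >> 1, a << 1
        a ^= (1 << 128) | 0x87 if a >> 128 else 0
    return r

def poly_hash(h: int, tweak: bytes, data: bytes) -> bytes:
    """Polynomial universal hash of tweak || data || lengths, evaluated at h by Horner's rule."""
    buf = tweak + data + bytes(-len(tweak + data) % BLOCK)
    buf += len(tweak).to_bytes(8, "big") + len(data).to_bytes(8, "big")
    acc = 0
    for i in range(0, len(buf), BLOCK):
        acc = gf_mul(acc ^ int.from_bytes(buf[i:i + BLOCK], "big"), h)
    return acc.to_bytes(BLOCK, "big")

def ctr_stream(key: bytes, s: bytes, n: int) -> bytes:  # counter-mode keystream seeded by s
    blocks = (n + BLOCK - 1) // BLOCK
    return b"".join(prf(key, b"ctr", s + i.to_bytes(4, "big")) for i in range(blocks))[:n]

def hash_ctr_hash(key: bytes, tweak: bytes, data: bytes, decrypt: bool = False) -> bytes:
    """Hash -> one block-cipher call -> counter mode -> hash; the same path enciphers and deciphers."""
    assert len(data) >= BLOCK
    h = int.from_bytes(prf(key, b"hash", b""), "big")   # hash key derived from the single key
    first, rest = data[:BLOCK], data[BLOCK:]
    x = xor(first, poly_hash(h, tweak, rest))            # first universal hash layer
    y = block_cipher(key, x, inverse=decrypt)             # the single block-cipher call
    s = xor(x, y)                                         # seeds the counter layer
    rest_out = xor(rest, ctr_stream(key, s, len(rest)))   # counter mode in between
    return xor(y, poly_hash(h, tweak, rest_out)) + rest_out  # second universal hash layer
```

The output is length-preserving for any message of at least one block, and changing the tweak (e.g. the sector number in disk encryption) makes the ciphertext decipher to garbage rather than the original message.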
Category / Keywords: secret-key cryptography / modes of operations, tweakable encryption, strong pseudo-random permutation
Publication Info: Earlier version appeared in the proceedings of Indocrypt 2006.
Date: received 27 Jan 2007, last revised 29 Jun 2007
Contact author: palash at isical ac in
Note: This is a substantially revised version.
Version: 20070629:065936