**Generalized Tweakable Even-Mansour Cipher with Strong Security Guarantee and Its Application to Authenticated Encryption**

*Ping Zhang, Honggang Hu, and Peng Wang*

**Abstract: **We present a generalized tweakable blockcipher HPH, which is constructed from a public random permutation $P$ and an almost-XOR-universal (AXU) hash function $H$ with a tweak and key schedule $(t_1,t_2,K)\in \mathcal{T}\times \mathcal{K}$, and defined as $y=HPH_K((t_1,t_2),x)=P(x\oplus H_K(t_1))\oplus H_K(t_2)$, where the key $K$ is chosen from a key space $\mathcal{K}$, the tweak $(t_1,t_2)$ is chosen from a tweak space $\mathcal{T}$, $x$ is a plaintext, and $y$ is a ciphertext. We prove that HPH is a secure strong tweakable pseudorandom permutation (STPRP) by using H-coefficients technique. Then we focus on the security of HPH against multi-key and related-key attacks. We prove that HPH achieves multi-key-STPRP (MK-STPRP) security and HPH with related-key-AXU hash functions achieves related-key-STPRP (RK-STPRP) security, and derive a tight bound, respectively. HPH can be extended to wide applications. It can be directly applied to authentication and authenticated encryption modes. We appy HPH to PMAC1 and OPP, provide two improved modes HPMAC and OPH, and prove that they are single-key-secure, multi-key-secure, and related-key-secure.

**Category / Keywords: **Tweakable Even-Mansour, almost-XOR-universal hash functions, HPH, multi-key attacks, related-key attacks, H-coefficients technique, authenticated encryption.

**Date: **received 2 Jan 2017, last revised 15 Jan 2017, withdrawn 4 Apr 2017

**Contact author: **zgp at mail ustc edu cn

**Available format(s): **(-- withdrawn --)

**Note: **We enrich the original paper. The new version extends HPH to the application of MAC.

**Version: **20170405:004609 (All versions of this report)

**Short URL: **ia.cr/2017/002

**Discussion forum: **Show discussion | Start new discussion

[ Cryptology ePrint archive ]