Paper 2015/476

XPX: Generalized Tweakable Even-Mansour with Improved Security Guarantees

Bart Mennink

Abstract

We present XPX, a tweakable blockcipher based on a single permutation P. On input of a tweak (t_{11},t_{12},t_{21},t_{22}) in T and a message m, it outputs ciphertext c=P(m xor Delta_1) xor Delta_2, where Delta_1=t_{11}k xor t_{12}P(k) and Delta_2=t_{21}k xor t_{22}P(k). Here, the tweak space T is required to satisfy a certain set of trivial conditions (such as (0,0,0,0) not in T). We prove that XPX with any such tweak space is a strong tweakable pseudorandom permutation. Next, we consider the security of XPX under related-key attacks, where the adversary can freely select a key-deriving function upon every evaluation. We prove that XPX achieves various levels of related-key security, depending on the set of key-deriving functions and the properties of T. For instance, if t_{12},t_{22} neq 0 and (t_{21},t_{22}) neq (0,1) for all tweaks, XPX is XOR-related-key secure. XPX generalizes Even-Mansour (EM), but also Rogaway's XEX based on EM, and various other tweakable blockciphers. As such, XPX finds a wide range of applications. We show how our results on XPX directly imply related-key security of the authenticated encryption schemes Prøst-COPA and Minalpher, and how a straightforward adjustment to the MAC function Chaskey and to keyed Sponges makes them provably related-key secure.
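The construction in the abstract, instantiated as an added example (this is not code from the paper): XPX over a 64-bit block, with a toy keyless Feistel permutation standing in for the public permutation P and GF(2^64) multiplication for the tweak products t·k and t·P(k). The permutation, the field's reduction polynomial (x^64 + x^4 + x^3 + x + 1) and the sample key/message values are all assumptions made for illustration; none of them are secure or prescribed by the paper. Besides the round trip, the example checks the two tweak conditions quoted in the abstract and shows why the condition t_{12},t_{22} ≠ 0 is needed: with the tweak (1,0,1,0) XPX is plain single-key Even-Mansour, which has the well-known XOR related-key relation E_{k⊕d}(m⊕d) = E_k(m)⊕d.

```python
"""Toy XPX: c = P(m ^ D1) ^ D2 with D1 = t11*k ^ t12*P(k), D2 = t21*k ^ t22*P(k).

Added example, not the paper's code. Assumptions: 64-bit block, a toy Feistel
permutation in place of P (illustrative only, not secure), and GF(2^64) with
reduction polynomial x^64 + x^4 + x^3 + x + 1 for the products t*k.
"""

N = 64
MASK = (1 << N) - 1
MASK32 = (1 << 32) - 1
REDUCTION = 0x1B  # low bits of x^64 + x^4 + x^3 + x + 1 (assumed polynomial)


def gf_mul(a: int, b: int) -> int:
    """Carry-less multiplication in GF(2^64), reduced by REDUCTION."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        carry = a >> (N - 1)
        a = (a << 1) & MASK
        if carry:
            a ^= REDUCTION
    return r


# Keyless round constants (hex digits of pi); the permutation is public.
_ROUND_CONSTS = (0x243F6A88, 0x85A308D3, 0x13198A2E, 0x03707344)


def _f(x: int, c: int) -> int:
    """Toy 32-bit round function (any function works inside a Feistel)."""
    x = (x + c) & MASK32
    x ^= ((x << 13) | (x >> 19)) & MASK32
    x = (x * 0x9E3779B1) & MASK32
    return x ^ (x >> 7)


def perm(x: int) -> int:
    """Toy public 64-bit Feistel permutation standing in for P."""
    left, right = x >> 32, x & MASK32
    for c in _ROUND_CONSTS:
        left, right = right, left ^ _f(right, c)
    return (left << 32) | right


def perm_inv(y: int) -> int:
    """Inverse of perm: undo the Feistel rounds in reverse order."""
    left, right = y >> 32, y & MASK32
    for c in reversed(_ROUND_CONSTS):
        left, right = right ^ _f(left, c), left
    return (left << 32) | right


def xpx_masks(k: int, tweak: tuple) -> tuple:
    """Delta_1 and Delta_2 for tweak (t11, t12, t21, t22)."""
    t11, t12, t21, t22 = tweak
    pk = perm(k)
    d1 = gf_mul(t11, k) ^ gf_mul(t12, pk)
    d2 = gf_mul(t21, k) ^ gf_mul(t22, pk)
    return d1, d2


def xpx_encrypt(k: int, tweak: tuple, m: int) -> int:
    d1, d2 = xpx_masks(k, tweak)
    return perm(m ^ d1) ^ d2


def xpx_decrypt(k: int, tweak: tuple, c: int) -> int:
    d1, d2 = xpx_masks(k, tweak)
    return perm_inv(c ^ d2) ^ d1


def valid_tweak(tweak: tuple) -> bool:
    """Trivial condition from the abstract: (0,0,0,0) is excluded from T."""
    return tweak != (0, 0, 0, 0) and all(0 <= t <= MASK for t in tweak)


def xor_rk_tweak(tweak: tuple) -> bool:
    """Condition quoted in the abstract under which XPX is XOR-related-key secure."""
    t11, t12, t21, t22 = tweak
    return t12 != 0 and t22 != 0 and (t21, t22) != (0, 1)


EM_TWEAK = (1, 0, 1, 0)  # XPX with this tweak is single-key Even-Mansour


def even_mansour(k: int, m: int) -> int:
    return perm(m ^ k) ^ k


def em_related_key_relation(k: int, m: int, d: int) -> bool:
    """Classic EM relation: shifting key and message by d shifts the ciphertext by d.
    It holds because EM_TWEAK has t12 = t22 = 0, which xor_rk_tweak rejects."""
    return xpx_encrypt(k ^ d, EM_TWEAK, m ^ d) == xpx_encrypt(k, EM_TWEAK, m) ^ d


if __name__ == "__main__":
    k, m, d = 0x0123456789ABCDEF, 0xDEADBEEFCAFEBABE, 0x00000000FFFF0000  # constructed
    c = xpx_encrypt(k, (1, 1, 1, 1), m)
    print(hex(c), xpx_decrypt(k, (1, 1, 1, 1), c) == m)
    print("EM tweak related-key relation:", em_related_key_relation(k, m, d))
```

Decryption needs only P^{-1} and the same two masks, so the tweak products never have to be inverted in the field; the field only matters for the security argument, not for invertibility.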

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
A minor revision of an IACR publication in CRYPTO 2016
Keywords
XPX, XEX, Even-Mansour, tweakable blockcipher, related-key security, Prøst, COPA, Minalpher, Chaskey, Keyed Sponges
Contact author(s)
bart mennink @ esat kuleuven be
History
2016-05-30: last of 2 revisions
2015-05-19: received
Short URL
https://ia.cr/2015/476
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2015/476,
      author = {Bart Mennink},
      title = {XPX: Generalized Tweakable Even-Mansour with Improved Security Guarantees},
      howpublished = {Cryptology ePrint Archive, Paper 2015/476},
      year = {2015},
      note = {\url{https://eprint.iacr.org/2015/476}},
      url = {https://eprint.iacr.org/2015/476}
}