Paper 2017/002

Generalized Tweakable Even-Mansour Cipher with Strong Security Guarantee and Its Application to Authenticated Encryption

Ping Zhang, Honggang Hu, and Peng Wang

Abstract

We present a generalized tweakable blockcipher HPH, which is constructed from a public random permutation $P$ and an almost-XOR-universal (AXU) hash function $H$ with a tweak and key schedule $(t_1,t_2,K)\in \mathcal{T}\times \mathcal{K}$, and defined as $y=HPH_K((t_1,t_2),x)=P(x\oplus H_K(t_1))\oplus H_K(t_2)$, where the key $K$ is chosen from a key space $\mathcal{K}$, the tweak $(t_1,t_2)$ is chosen from a tweak space $\mathcal{T}$, $x$ is a plaintext, and $y$ is a ciphertext. We prove that HPH is a secure strong tweakable pseudorandom permutation (STPRP) by using H-coefficients technique. Then we focus on the security of HPH against multi-key and related-key attacks. We prove that HPH achieves multi-key-STPRP (MK-STPRP) security and HPH with related-key-AXU hash functions achieves related-key-STPRP (RK-STPRP) security, and derive a tight bound, respectively. HPH can be extended to wide applications. It can be directly applied to authentication and authenticated encryption modes. We appy HPH to PMAC1 and OPP, provide two improved modes HPMAC and OPH, and prove that they are single-key-secure, multi-key-secure, and related-key-secure.

Note: We enrich the original paper. The new version extends HPH to the application of MAC.