Paper 2017/002

Generalized Tweakable Even-Mansour Cipher with Strong Security Guarantee and Its Application to Authenticated Encryption

Ping Zhang, Honggang Hu, and Peng Wang


We present a generalized tweakable blockcipher HPH, which is constructed from a public random permutation $P$ and an almost-XOR-universal (AXU) hash function $H$ with a tweak and key schedule $(t_1,t_2,K)\in \mathcal{T}\times \mathcal{K}$, and defined as $y=HPH_K((t_1,t_2),x)=P(x\oplus H_K(t_1))\oplus H_K(t_2)$, where the key $K$ is chosen from a key space $\mathcal{K}$, the tweak $(t_1,t_2)$ is chosen from a tweak space $\mathcal{T}$, $x$ is a plaintext, and $y$ is a ciphertext. We prove that HPH is a secure strong tweakable pseudorandom permutation (STPRP) using the H-coefficients technique. Then we focus on the security of HPH against multi-key and related-key attacks. We prove that HPH achieves multi-key-STPRP (MK-STPRP) security and that HPH with related-key-AXU hash functions achieves related-key-STPRP (RK-STPRP) security, and we derive a tight bound for each. HPH can be extended to a wide range of applications. It can be directly applied to authentication and authenticated encryption modes. We apply HPH to PMAC1 and OPP, provide two improved modes HPMAC and OPH, and prove that they are single-key-secure, multi-key-secure, and related-key-secure.

Note: We enrich the original paper. The new version extends HPH to the application of MAC.
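
The definition $y=P(x\oplus H_K(t_1))\oplus H_K(t_2)$ and its inverse, as an added example that is not code from the paper or its authors. The instantiation is assumed: $H_K(t)=K\cdot t$ in $GF(2^{128})$ stands in for the AXU hash, a keyless 4-round Feistel built on SHA-256 stands in for the public permutation $P$ (a toy, not a random permutation), and all function names are hypothetical.

```python
import hashlib

N = 128                       # block and tweak-hash width in bits (assumed)
POLY = (1 << 128) | 0x87      # x^128 + x^7 + x^2 + x + 1
M64 = (1 << 64) - 1

def gf_mul(a, b):
    """Carry-less multiply of a and b in GF(2^128), reduced modulo POLY."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a >> N:
            a ^= POLY
        b >>= 1
    return r

def H(key, t):
    """Assumed AXU hash H_K(t) = K*t: H_K(t) ^ H_K(t') = K*(t ^ t')."""
    if key == 0 or t == 0:
        # K*0 = 0 would leave P unmasked, so this toy rejects zero inputs.
        raise ValueError("key and tweak components must be non-zero")
    return gf_mul(key, t)

def _round(i, half):
    d = hashlib.sha256(bytes([i]) + half.to_bytes(8, "big")).digest()
    return int.from_bytes(d[:8], "big")

def P(x):
    """Keyless 4-round Feistel: a stand-in for the public permutation P."""
    l, r = x >> 64, x & M64
    for i in range(4):
        l, r = r, l ^ _round(i, r)
    return (l << 64) | r

def P_inv(y):
    l, r = y >> 64, y & M64
    for i in reversed(range(4)):
        l, r = r ^ _round(i, l), l
    return (l << 64) | r

def hph_encrypt(key, t1, t2, x):
    """y = P(x xor H_K(t1)) xor H_K(t2)."""
    return P(x ^ H(key, t1)) ^ H(key, t2)

def hph_decrypt(key, t1, t2, y):
    """x = P^{-1}(y xor H_K(t2)) xor H_K(t1)."""
    return P_inv(y ^ H(key, t2)) ^ H(key, t1)
```

Decryption needs $P^{-1}$, which is why the strong (STPRP) notion, with an adversary that can query both directions, is the relevant one for this construction.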

Available format(s)
-- withdrawn --
Publication info
Preprint. MINOR revision.
Keywords: Tweakable Even-Mansour, almost-XOR-universal hash functions, HPH, multi-key attacks, related-key attacks, H-coefficients technique, authenticated encryption.
Contact author(s)
zgp @ mail ustc edu cn
2017-04-05: withdrawn
2017-01-05: received
Creative Commons Attribution