Paper 2020/1076

Minimizing the Two-Round Tweakable Even-Mansour Cipher

Avijit Dutta

Abstract

In CRYPTO 2015, Cogliati et al. proposed the one-round tweakable Even-Mansour (\textsf{1-TEM}) cipher, constructed from a single $n$-bit public permutation $\pi$ and a uniform and almost XOR-universal hash function \textsf{H} as $(k, t, x) \mapsto \textsf{H}_k(t) \oplus \pi(\textsf{H}_k(t) \oplus x)$, where $t$ is the tweak and $x$ is the $n$-bit message. The authors showed that its two-round extension, which we refer to as \textsf{2-TEM}, obtained by cascading two independent instances of the construction, gives $2n/3$-bit security, and that $r$-round cascading gives $rn/(r+2)$-bit security. In ASIACRYPT 2015, Cogliati and Seurin showed that the four-round tweakable Even-Mansour cipher, which we refer to as \textsf{4-TEM}, constructed from four independent $n$-bit permutations $\pi_1, \pi_2, \pi_3, \pi_4$ and two independent $n$-bit keys $k_1, k_2$, defined as $$k_1 \oplus t \oplus \pi_4(k_2 \oplus t \oplus \pi_3(k_1 \oplus t \oplus \pi_2(k_2 \oplus t \oplus \pi_1(k_1 \oplus t \oplus x)))),$$ is secure up to $2^{2n/3}$ adversarial queries. In this paper, we show that if the two independent permutations of \textsf{2-TEM} (Cogliati et al., CRYPTO 2015) are replaced with a single $n$-bit public permutation, the resulting construction still guarantees security up to $2^{2n/3}$ adversarial queries. Using the results derived therein, we also show that replacing the permutations $(\pi_4, \pi_3)$ with $(\pi_1, \pi_2)$ in the above equation preserves security up to $2^{2n/3}$ adversarial queries.
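To make the three constructions in the abstract concrete, the following added example (not code from the paper) implements \textsf{1-TEM}, the single-permutation \textsf{2-TEM} studied here, and \textsf{4-TEM} with the $(\pi_4,\pi_3) \to (\pi_1,\pi_2)$ substitution. It uses a toy block size of $n = 8$ bits, a constructed (non-cryptographic) public permutation built from a seeded shuffle, and, as an assumed instantiation of \textsf{H}, the XOR-universal hash $\textsf{H}_k(t) = k \cdot t$ in $\mathrm{GF}(2^8)$. The point is the round structure and invertibility, not security: at $n = 8$ the $2^{2n/3}$ bound is about 40 queries.

```python
import random

# Toy parameters: n = 8 bits, so the block space is {0, ..., 255}. This is a
# constructed illustration of the constructions' structure, not a secure cipher.
N_BITS = 8
MASK = (1 << N_BITS) - 1
AES_POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1, irreducible over GF(2)


def gf_mul(a: int, b: int) -> int:
    """Multiplication in GF(2^8) modulo the AES polynomial."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= AES_POLY
        b >>= 1
    return r & MASK


def H(k: int, t: int) -> int:
    """Assumed hash H_k(t) = k * t in GF(2^8). For uniform k this is
    XOR-universal: for t != t', H_k(t) ^ H_k(t') = k * (t ^ t') is uniform."""
    return gf_mul(k, t)


def make_public_permutation(seed: int):
    """A constructed (not cryptographic) public permutation on n bits,
    returned as (forward table, inverse table)."""
    table = list(range(1 << N_BITS))
    random.Random(seed).shuffle(table)
    inverse = [0] * len(table)
    for x, y in enumerate(table):
        inverse[y] = x
    return table, inverse


# 1-TEM: (k, t, x) -> H_k(t) ^ pi(H_k(t) ^ x)
def tem1_encrypt(pi, k, t, x):
    h = H(k, t)
    return h ^ pi[0][h ^ x]


def tem1_decrypt(pi, k, t, y):
    h = H(k, t)
    return h ^ pi[1][h ^ y]


# 2-TEM with a single permutation: two 1-TEM instances with independent
# keys k1, k2 cascaded, both rounds calling the *same* public permutation pi.
def tem2_encrypt(pi, k1, k2, t, x):
    return tem1_encrypt(pi, k2, t, tem1_encrypt(pi, k1, t, x))


def tem2_decrypt(pi, k1, k2, t, y):
    return tem1_decrypt(pi, k1, t, tem1_decrypt(pi, k2, t, y))


# 4-TEM: k1 ^ t ^ pi4(k2 ^ t ^ pi3(k1 ^ t ^ pi2(k2 ^ t ^ pi1(k1 ^ t ^ x)))).
# perms = [pi_1, pi_2, pi_3, pi_4] in the order they are applied.
def tem4_encrypt(perms, k1, k2, t, x):
    keys = [k1, k2, k1, k2, k1]  # key used before each round, then the final one
    s = x
    for i, p in enumerate(perms):
        s = p[0][s ^ keys[i] ^ t]
    return s ^ keys[4] ^ t


def tem4_decrypt(perms, k1, k2, t, y):
    keys = [k1, k2, k1, k2, k1]
    s = y ^ keys[4] ^ t
    for i in range(3, -1, -1):
        s = perms[i][1][s] ^ keys[i] ^ t
    return s


def minimized_4tem_perms(pi1, pi2):
    """Round permutations after replacing (pi_4, pi_3) by (pi_1, pi_2):
    the cipher then applies pi_1, pi_2, pi_2, pi_1 in that order."""
    return [pi1, pi2, pi2, pi1]


if __name__ == "__main__":
    pi = make_public_permutation(1)
    k1, k2, t, x = 0x53, 0xA7, 0x1C, 0x42
    y = tem2_encrypt(pi, k1, k2, t, x)
    print(f"2-TEM(single pi): {x:#04x} -> {y:#04x} -> {tem2_decrypt(pi, k1, k2, t, y):#04x}")
    perms = minimized_4tem_perms(make_public_permutation(2), make_public_permutation(3))
    y4 = tem4_encrypt(perms, k1, k2, t, x)
    print(f"4-TEM(pi1,pi2,pi2,pi1): {x:#04x} -> {y4:#04x} -> {tem4_decrypt(perms, k1, k2, t, y4):#04x}")
```

The single-permutation \textsf{2-TEM} reuses one table for both rounds, which is exactly the minimization the paper analyses; the two keys feeding \textsf{H} remain independent. For \textsf{4-TEM}, passing `[pi1, pi2, pi3, pi4]` to `tem4_encrypt` gives the original Cogliati-Seurin cipher, while `minimized_4tem_perms` gives the two-permutation variant.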

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
A minor revision of an IACR publication in ASIACRYPT 2020
Keywords
Tweakable Block Cipher
Key Alternating Cipher
Tweakable Even-Mansour Cipher
H-Coefficient
Contact author(s)
avirocks dutta13 @ gmail com
History
2020-09-12: revised
2020-09-09: received
Short URL
https://ia.cr/2020/1076
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2020/1076,
      author = {Avijit Dutta},
      title = {Minimizing the Two-Round Tweakable Even-Mansour Cipher},
      howpublished = {Cryptology {ePrint} Archive, Paper 2020/1076},
      year = {2020},
      url = {https://eprint.iacr.org/2020/1076}
}