Generalized Tweakable Even-Mansour Cipher and Its Applications

This paper describes a generalized tweakable blockcipher HPH (Hash-Permutation-Hash), which is based on a public random permutation P and a family of almost-XOR-universal hash functions H=HKK∈K as a tweak and key schedule, and defined as y=HP HK((t1, t2), x)=P (x ⊕ HK(t1)) ⊕ HK(t2), where K is a key randomly chosen from a key space K, (t1, t2) is a tweak chosen from a valid tweak space T, x is a plaintext, and y is a ciphertext. We prove that HPH is a secure strong tweakable pseudorandom permutation (STPRP) by using H-coefficients technique. Then we focus on the security of HPH against multi-key and related-key attacks. We prove that HPH achieves both multi-key STPRP security and related-key STPRP security. HPH can be extended to wide applications. It can be directly applied to authentication and authenticated encryption modes. We apply HPH to PMAC1 and OPP, provide an improved authentication mode HPMAC and a new authenticated encryption mode OPH, and prove that the two modes achieve single-key security, multi-key security, and related-key security.