We use cookies to improve your experience with our site.

Indexed in:

SCIE, EI, Scopus, INSPEC, DBLP, CSCD, etc.

Submission System
(Author / Reviewer / Editor)
Ping Zhang, Hong-Gang Hu. Generalized Tweakable Even-Mansour Cipher and Its Applications[J]. Journal of Computer Science and Technology, 2018, 33(6): 1261-1277. DOI: 10.1007/s11390-018-1886-4
Citation: Ping Zhang, Hong-Gang Hu. Generalized Tweakable Even-Mansour Cipher and Its Applications[J]. Journal of Computer Science and Technology, 2018, 33(6): 1261-1277. DOI: 10.1007/s11390-018-1886-4

Generalized Tweakable Even-Mansour Cipher and Its Applications

Funds: This work was supported by the National Natural Science Foundation of China under Grant Nos. 61522210 and 61632013.
More Information
  • Author Bio:

    Ping Zhang received his Ph.D. degree in information and communication engineering from the University of Science and Technology of China, Hefei, in June 2018. His major research interests include pseudorandom number generators, block ciphers, and authenticated encryption modes.

  • Corresponding author:

    Hong-Gang Hu,E-mail:hghu2005@ustc.edu.cn

  • Received Date: June 15, 2017
  • Revised Date: September 12, 2018
  • Published Date: November 14, 2018
  • This paper describes a generalized tweakable blockcipher HPH (Hash-Permutation-Hash), which is based on a public random permutation P and a family of almost-XOR-universal hash functions H={HK}KK as a tweak and key schedule, and defined as y=HP HK((t1, t2), x)=P (xHK(t1)) ⊕ HK(t2), where K is a key randomly chosen from a key space K, (t1, t2) is a tweak chosen from a valid tweak space T, x is a plaintext, and y is a ciphertext. We prove that HPH is a secure strong tweakable pseudorandom permutation (STPRP) by using H-coefficients technique. Then we focus on the security of HPH against multi-key and related-key attacks. We prove that HPH achieves both multi-key STPRP security and related-key STPRP security. HPH can be extended to wide applications. It can be directly applied to authentication and authenticated encryption modes. We apply HPH to PMAC1 and OPP, provide an improved authentication mode HPMAC and a new authenticated encryption mode OPH, and prove that the two modes achieve single-key security, multi-key security, and related-key security.
  • [1]
    Halevi S, Rogaway P. A tweakable enciphering mode. In Lecture Notes in Computer Science 2729, Boneh D (ed.), Springer-Verlag, 2003, pp.482-499.
    [2]
    Liskov M, Rivest R L, Wagner D. Tweakable block ciphers. In Lecture Notes in Computer Science 2442, Yung M (ed.), Springer-Verlag, 2002, pp.31-46.
    [3]
    Halevi S, Rogaway P. A parallelizable enciphering mode. In Lecture Notes in Computer Science 2964, Okamoto T (ed.), Springer-Verlag, 2004, pp.292-304.
    [4]
    Rogaway P, Zhang H. Online ciphers from tweakable blockciphers. In Lecture Notes in Computer Science 6558, Kiayias A (ed.), Springer-Verlag, 2011, pp.237-249.
    [5]
    Rogaway P. Efficient instantiations of tweakable blockciphers and refinements to modes OCB and PMAC. In Lecture Notes in Computer Science 3329, Lee P J (ed.), Springer-Verlag, 2004, pp.16-31.
    [6]
    Landecker W, Shrimpton T, Terashima R S. Tweakable blockciphers with beyond birthday-bound security. In Lecture Notes in Computer Science 7417, Safavi-Naini R, Canetti R (eds.), Springer-Verlag, 2012, pp.14-30.
    [7]
    Krovetz T, Rogaway P. The software performance of authenticated-encryption modes. In Lecture Notes in Computer Science 6733, Joux A (ed.), Springer-Verlag, 2011, pp.306-327.
    [8]
    Andreeva E, Bogdanov A, Luykx A, Mennink B, Tischhauser E, Yasuda K. Parallelizable and authenticated online ciphers. In Lecture Notes in Computer Science 8269, Sako K, Sarkar P (eds.), Springer-Verlag, 2013, pp.424-443.
    [9]
    Granger R, Jovanovic P, Mennink B, Neves S. Improved masking for tweakable blockciphers with applications to authenticated encryption. In Lecture Notes in Computer Science 9665, Fischlin M, Coron J S (eds.), Springer-Verlag, 2016, pp.263-293.
    [10]
    Bossuet L, Datta N, Mancillas-López C, Nandi M. ELmD:A pipelineable authenticated encryption and its hardware implementation. IEEE Trans. Computers, 2016, 65(11):3318-3331.
    [11]
    Chakraborty D, Sarkar P. On modes of operations of a block cipher for authentication and authenticated encryption. Cryptography and Communications, 2016, 8(4):455-511.
    [12]
    Peyrin T, Seurin Y. Counter-in-Tweak:Authenticated encryption modes for tweakable block ciphers. In Lecture Notes in Computer Science 9814, Robshaw M, Katz J (eds.), Springer-Verlag, 2016, pp.33-63.
    [13]
    Wang L, Guo J, Zhang G, Zhao J, Gu D. How to build fully secure tweakable blockciphers from classical blockciphers. In Lecture Notes in Computer Science 10031, Cheon J, Takagi T (eds.), Springer-Verlag, 2016, pp.455-483.
    [14]
    Cogliati B, Lampe R, Seurin Y. Tweaking Even-Mansour ciphers. In Lecture Notes in Computer Science 9215, Gennaro R, Robshaw M (eds.), Springer-Verlag, 2015, pp.189-208.
    [15]
    Cogliati B, Seurin Y. Beyond-birthday-bound security for tweakable Even-Mansour ciphers with linear tweak and key mixing. In Lecture Notes in Computer Science 9453, Iwata T, Cheon H (eds.), Springer-Verlag, 2015, pp.134-158.
    [16]
    Mennink B. XPX:Generalized tweakable Even-Mansour with improved security guarantees. In Lecture Notes in Computer Science 9814, Robshaw M, Katz J (eds.), Springer-Verlag, 2016, pp.64-94.
    [17]
    Reyhanitabar R, Vaudenay S, Vizár D. Misuse-resistant variants of the OMD authenticated encryption mode. In Lecture Notes in Computer Science 8782, Chow S S M, Liu J K, Hui L C K, Yiu S (eds.), Springer-Verlag, 2014, pp.55-70.
    [18]
    Reyhanitabar R, Vaudenay S, Vizár D. Boosting OMD for almost free authentication of associated data. In Lecture Notes in Computer Science 9054, Leander G (ed.), Springer-Verlag, 2015, pp.411-427.
    [19]
    Mouha N, Luykx A. Multi-key security:The Even-Mansour construction revisited. In Lecture Notes in Computer Science 9215, Gennaro R, Robshaw M (eds.), Springer-Verlag, 2015, pp.209-223.
    [20]
    Reyhanitabar R, Vaudenay S, Vizár D. Authenticated encryption with variable stretch. In Lecture Notes in Computer Science 10031, Cheon J, Takagi T (eds.), SpringerVerlag, 2016, pp.396-425.
    [21]
    Chatterjee S, Menezes A, Sarkar P. Another look at tightness. In Lecture Notes in Computer Science 10031, Miri A, Vaudenay S (eds.), Springer-Verlag, 2011, pp.293-319.
    [22]
    Mantin I, Shamir A. A practical attack on broadcast RC4. In Lecture Notes in Computer Science 10031, Matsui M (ed.), Springer-Verlag, 2001, pp.152-164.
    [23]
    Fouque P, Joux A, Mavromati C. Multi-user collisions:Applications to discrete logarithm, Even-Mansour and PRINCE. In Lecture Notes in Computer Science 8873, Sarkar P, Iwata T (eds.), Springer-Verlag, 2014, pp.420-438.
    [24]
    Bellare M, Bernstein D J, Tessaro S. Hash-function based PRFs:AMAC and its multi-user security. In Lecture Notes in Computer Science 9665, Fischlin M, Coron J S (eds.), Springer-Verlag, 2016, pp.566-595.
    [25]
    Bellare M, Tackmann B. The multi-user security of authenticated encryption:AES-GCM in TLS 1.3. In Lecture Notes in Computer Science 9665, Robshaw M, Katz J (eds.), Springer-Verlag, 2016, pp.247-276.
    [26]
    Hoang V T, Tessaro S. Key-alternating ciphers and keylength extension:Exact bounds and multi-user security. In Lecture Notes in Computer Science 9814, Robshaw M, Katz J (eds.), Springer-Verlag, 2016, pp.3-32.
    [27]
    Guo Z, Wu W, Liu R, Zhang L. Multi-key analysis of tweakable Even-Mansour with applications to minalpher and OPP. IACR Transactions on Symmetric Cryptology, 2016, 2016(2):288-306.
    [28]
    Biham E. New types of cryptoanalytic attacks using related keys (extended abstract). In Lecture Notes in Computer Science 765, Helleseth T (ed.), Springer-Verlag, 1993, pp.398-409.
    [29]
    Biham E. New types of cryptanalytic attacks using related keys. Journal of Cryptology, 1994, 7(4):229-246.
    [30]
    Bellare M, Kohno T. A theoretical treatment of relatedkey attacks:RKA-PRPs, RKA-PRFs, and applications. In Lecture Notes in Computer Science 2656, Biham E (ed.), Springer-Verlag, 2003, pp.491-506.
    [31]
    Biryukov A, Khovratovich D. Related-key cryptanalysis of the full AES-192 and AES-256. In Lecture Notes in Computer Science 5912, Matsui M (ed.), Springer-Verlag, 2009, pp.1-18.
    [32]
    Sun S, Hu L, Wang P, Qiao K, Ma X, Song L. Automatic security evaluation and (related-key) differential characteristic search:Application to SIMON, PRESENT, LBlock, DES(L) and other bit-oriented block ciphers. In Lecture Notes in Computer Science 8873, Sarkar P, Iwata T (eds.), Springer-Verlag, 2014, pp.158-178.
    [33]
    Chen J, Miyaji A. A new practical key recovery attack on the stream cipher RC4 under related-key model. In Lecture Notes in Computer Science 6584, Lai X, Yung M, Lin D (eds.), Springer-Verlag, 2010, pp.62-76.
    [34]
    Cogliati B, Seurin Y. On the provable security of the iterated Even-Mansour cipher against related-key and chosenkey attacks. In Lecture Notes in Computer Science 9056, Oswald E, Fischlin M (eds.), Springer-Verlag, 2015, pp.584-613.
    [35]
    Wang P, Li Y, Zhang L, Zheng K. Related-key almost universal hash functions:Definitions, constructions and applications. In Lecture Notes in Computer Science 9783, Peyrin T (ed.), Springer-Verlag, 2016, pp.514-532.
    [36]
    Peyrin T, Sasaki Y, Wang L. Generic related-key attacks for HMAC. In Lecture Notes in Computer Science 7658, Wang X, Sako K (eds.), Springer-Verlag, 2012, pp.580-597.
    [37]
    Bhattacharyya R, Roy A. Secure message authentication against related-key attack. In Lecture Notes in Computer Science 8424, Moriai S (ed.), Springer-Verlag, 2013, pp.305-324.
    [38]
    Dobraunig C, Eichlseder M, Mendel F. Related-key forgeries for Prost-OTR. In Lecture Notes in Computer Science 9054, Leander G (ed.), Springer-Verlag, 2015, pp.282-296.
    [39]
    Patarin J. The "Coefficients H" technique. In Lecture Notes in Computer Science 5381, Avanzi R M, Keliher L, Sica F (eds.), Springer-Verlag, 2008, pp.328-345.
    [40]
    Kurosawa K. Power of a public random permutation and its application to authenticated encryption. IEEE Transactions on Information Theory, 2010, 5(10):5366-5374.
    [41]
    Chen S, Steinberger J P. Tight security bounds for keyalternating ciphers. In Lecture Notes in Computer Science 8441, Nguyen P Q, Oswald E (eds.), Springer-Verlag, 2014, pp.327-350.
    [42]
    Cogliati B, Seurin Y. EWCDM:An efficient, beyondbirthday secure, nonce-misuse resistant MAC. In Lecture Notes in Computer Science 9814, Robshaw M, Katz J (eds.), Springer-Verlag, 2016, pp.121-149.
    [43]
    Datta N, Nandi M. ELmE:A misuse resistant parallel authenticated encryption. In Lecture Notes in Computer Science 8544, Susilo W, Mu Y (eds.), Springer-Verlag, 2014, pp.306-321.
    [44]
    Daemen J, Lamberger M, Pramstaller N, Rijmen V, Vercauteren F. Computational aspects of the expected differential probability of 4-round AES and AES-like ciphers. Computing, 2009, 85(1):85-104.
    [45]
    Rogaway P, Bellare M, Black J. OCB:A block-cipher mode of operation for efficient authenticated encryption. ACM Transactions on Information and System Security, 2003, 6(3):365-403.
    [46]
    Sasaki Y, Yasuda K. A new mode of operation for incremental authenticated encryption with associated data. In Lecture Notes in Computer Science 9566, Dunkelman O, Keliher L (eds.), Springer-Verlag, 2016, pp.397-416.
    [47]
    Sarkar P. Modes of operations for encryption and authentication using stream ciphers supporting an initialisation vector. Cryptography and Communications, 2014, 6(3):189-231.
  • Related Articles

    [1]Yuan Li, Xing-Chen Wang, Lin Huang, Yun-Lei Zhao. Order-Revealing Encryption: File-Injection Attack and Forward Security[J]. Journal of Computer Science and Technology, 2021, 36(4): 877-895. DOI: 10.1007/s11390-020-0060-y
    [2]Yan-Hong Fan, Mei-Qin Wang, Yan-Bin Li, Kai Hu, Mu-Zhou Li. A Secure IoT Firmware Update Scheme Against SCPA and DoS Attacks[J]. Journal of Computer Science and Technology, 2021, 36(2): 419-433. DOI: 10.1007/s11390-020-9831-8
    [3]Qi-Qi Lai, Bo Yang, Yong Yu, Zhe Xia, Yan-Wei Zhou, Yuan Chen. Updatable Identity-Based Hash Proof System Based on Lattices and Its Application to Leakage-Resilient Public-Key Encryption Schemes[J]. Journal of Computer Science and Technology, 2018, 33(6): 1243-1260. DOI: 10.1007/s11390-018-1885-5
    [4]Jing Xu, Wen-Tao Zhu. A Generic Framework for Anonymous Authentication in Mobile Networks[J]. Journal of Computer Science and Technology, 2013, 28(4): 732-742. DOI: 10.1007/s11390-013-1371-z
    [5]Yan Zhu, Hong-Xin Hu, Gail-Joon Ahn, Huai-Xi Wang, Shan-Biao Wang. Provably Secure Role-Based Encryption with Revocation Mechanism[J]. Journal of Computer Science and Technology, 2011, 26(4): 697-710. DOI: 10.1007/s11390-011-1169-9
    [6]Hai-Bo Tian, Willy Susilo, Yang Ming, Yu-Min Wang. A Provable Secure ID-Based Explicit Authenticated Key Agreement Protocol Without Random Oracles[J]. Journal of Computer Science and Technology, 2008, 23(5): 832-842.
    [7]Yong-Dong Zhang, Sheng Tang, Jin-Tao Li. Secure and Incidental Distortion Tolerant Digital Signature for Image Authentication[J]. Journal of Computer Science and Technology, 2007, 22(4): 618-625.
    [8]Sin-Kyu Kim, Jae-Woo Choi, Dae-Hun Nyang, Gene-Beck Hahn, Joo-Seok Song. Smart Proactive Caching Scheme for Fast Authenticated Handoff in Wireless LAN[J]. Journal of Computer Science and Technology, 2007, 22(3): 476-480.
    [9]Qing-Hua Zheng, David L. Pepyne, Qing Wang. New Approach to WLAN Security with Synchronized Pseudo Random[J]. Journal of Computer Science and Technology, 2004, 19(6).
    [10]ZHENG Dong, CHEN Kefei, YOU Jinyuan. Multiparty Authentication Services and Key Agreement Protocols with Semi-Trusted Third Party[J]. Journal of Computer Science and Technology, 2002, 17(6).

Catalog

    Article views (47) PDF downloads (351) Cited by()
    Related

    /

    DownLoad:  Full-Size Img  PowerPoint
    Return
    Return