Multi-user security of the tweakable Even-Mansour cipher



LETTER

March 2021, Vol. 64 139102:1–139102:3 https://doi.org/10.1007/s11432-018-9757-4

Ping ZHANG1*, Qian YUAN2, Honggang HU3 & Peng WANG4

1 School of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing 210023, China;
2 School of Economics and Management, Southeast University, Nanjing 211189, China;
3 School of Information Science and Technology, University of Science and Technology of China, Hefei 230027, China;
4 Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100049, China

Received 30 August 2018 / Accepted 14 January 2019 / Published online 3 December 2020

Citation Zhang P, Yuan Q, Hu H G, et al. Multi-user security of the tweakable Even-Mansour cipher. Sci China Inf Sci, 2021, 64(3): 139102, https://doi.org/10.1007/s11432-018-9757-4

Dear editor,

Data security, including data privacy and data integrity, is usually achieved by a cryptographic algorithm. Block ciphers are widely used to design cryptographic schemes. However, in some special environments, block ciphers are no longer applicable. A tweakable blockcipher (TBC) is an improved version of a conventional block cipher, which adds an extra input, called a tweak, to the key and the plaintext. The tweakable Even-Mansour (TEM) cipher, first presented by Cogliati et al. [1], is a permutation-based TBC constructed from an r-tuple of n-bit permutations and a uniform almost-XOR-universal (AXU) hash function family from some tweak space T to {0, 1}^n.

In classical security models, all cryptographic schemes consider single-user (single-key) security, which means that there exists only one fixed key. This study focuses on multi-user (multi-key) security. Guo et al. [2] presented a multi-key analysis of the one-round TEM cipher (TEM-1) with linear tweak and key mixing. They provided known-plaintext attacks against TEM-1, used collision detection to obtain an adaptive chosen-plaintext attack against TEM-1, and left open the interesting question of whether TEM-1 achieves security up to the birthday bound. We give a positive answer to this problem.

This study focuses on the multi-user security of the TEM cipher. Firstly, we prove that TEM-1 is multi-user strong tweakable pseudorandom permutation (MU-STPRP) secure in the random permutation model by using the expectation method. Compared with the multi-user security bounds obtained by the naive hybrid argument and by the pointwise proximity property, the bound derived directly by the expectation method is the best: the tightest and the closest to the single-user bound. Then, we consider the multi-user security of an ideal TBC. The ideal TBC is proven MU-STPRP secure up to a very close-to-optimal birthday bound in the ideal cipher model. Furthermore, by comparison, the bound of TEM-1 we derive is close to the bound of the ideal TBC. Finally, we extend TEM-1 to the r-round TEM cipher, illustrate some loose bounds, and analyze the securit
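A toy instance of the TEM-1 construction described in the letter, added here as an example; it is not code from the letter or from the authors' work. An 8-bit permutation drawn from a seeded shuffle stands in for the public random permutation P, and h_{k1,k2}(t) = k1·t ⊕ k2 over GF(2^8) (multiplication modulo the AES polynomial) is the uniform AXU hash family; the 8-bit parameters, the hash choice and all function names are assumptions made for this example. The block encrypts as E_k(t, x) = P(x ⊕ h_k(t)) ⊕ h_k(t), checks that decryption inverts encryption for several users holding independent keys but sharing the same P (the multi-user setting), and verifies the AXU property exhaustively: for two distinct tweaks, the hash difference takes each value for exactly one k1, so ε = 2^-n.

```python
import random

N_BITS = 8                     # toy block size n; the letter's TEM is defined for n-bit blocks
MASK = (1 << N_BITS) - 1
AES_POLY = 0x11B               # x^8 + x^4 + x^3 + x + 1, the GF(2^8) modulus used by AES


def gf_mul(a, b):
    """Carry-less multiplication in GF(2^8), reduced modulo AES_POLY."""
    r = 0
    for _ in range(N_BITS):
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a & (1 << N_BITS):
            a ^= AES_POLY
    return r & MASK


def make_public_permutation(seed):
    """A fixed public permutation P of {0,1}^n and its inverse; a seeded shuffle
    stands in for the random permutation of the security model (assumption)."""
    perm = list(range(1 << N_BITS))
    random.Random(seed).shuffle(perm)
    inv = [0] * len(perm)
    for x, y in enumerate(perm):
        inv[y] = x
    return perm, inv


def axu_hash(key, tweak):
    """h_{k1,k2}(t) = k1*t XOR k2 (example hash family, not the letter's).
    k2 makes h uniform for every tweak, including t = 0; k1 makes it XOR-universal:
    h(t) XOR h(t') = k1*(t XOR t') equals any given value for exactly one k1 when t != t'."""
    k1, k2 = key
    return gf_mul(k1, tweak) ^ k2


def tem1_encrypt(perm, key, tweak, x):
    """One-round TEM: E_k(t, x) = P(x XOR h_k(t)) XOR h_k(t)."""
    h = axu_hash(key, tweak)
    return perm[x ^ h] ^ h


def tem1_decrypt(inv, key, tweak, y):
    """Inverse of tem1_encrypt using the inverse permutation."""
    h = axu_hash(key, tweak)
    return inv[y ^ h] ^ h


def sample_keys(num_users, seed):
    """Multi-user setting: each user draws an independent key; P stays public and shared."""
    rng = random.Random(seed)
    return [(rng.randrange(1 << N_BITS), rng.randrange(1 << N_BITS)) for _ in range(num_users)]


def round_trip_ok(num_users=16, trials=200, seed=2021):
    """Decryption must invert encryption for every user, tweak and plaintext tried."""
    perm, inv = make_public_permutation(seed)
    rng = random.Random(seed + 1)
    for key in sample_keys(num_users, seed):
        for _ in range(trials):
            t, x = rng.randrange(1 << N_BITS), rng.randrange(1 << N_BITS)
            if tem1_decrypt(inv, key, t, tem1_encrypt(perm, key, t, x)) != x:
                return False
    return True


def axu_differential_probability(t1, t2, delta):
    """Pr over k1 (k2 cancels in the XOR) that h(t1) XOR h(t2) == delta, by exhaustive count."""
    hits = sum(1 for k1 in range(1 << N_BITS) if gf_mul(k1, t1 ^ t2) == delta)
    return hits / (1 << N_BITS)


def max_axu_probability(t1, t2):
    """Worst case over all differences delta: the AXU bound epsilon for this tweak pair."""
    return max(axu_differential_probability(t1, t2, d) for d in range(1 << N_BITS))


if __name__ == "__main__":
    print("round trip:", round_trip_ok())
    print("epsilon for tweaks 0x35, 0xA7:", max_axu_probability(0x35, 0xA7))
```

The exhaustive check is what makes the toy useful: with n = 8 every key can be enumerated, so the ε = 2^-n figure that the proofs rely on is observed directly rather than assumed, and the same functions show why the tweak must enter through a uniform AXU hash rather than being XORed in raw.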