This paper describes a generalized tweakable blockcipher HPH (Hash-Permutation-Hash), which is based ona public random permutation P and a family of almost-XOR-universal hash functions H={HK}K∈κ as a tweak and key...This paper describes a generalized tweakable blockcipher HPH (Hash-Permutation-Hash), which is based ona public random permutation P and a family of almost-XOR-universal hash functions H={HK}K∈κ as a tweak and keyschedule, and defined as y = HPHK((t1, t2), x) = P(x HK(t1)) HK(t2), where K is a key randomly chosen from a keyspace/C, (tl, t2) is a tweak chosen from a valid tweak space T, x is a plaintext, and y is a ciphertext. We prove that HPHis a secure strong tweakable pseudorandom permutation (STPRP) by using H-coefficients technique. Then we focus on thesecurity of HPH against multi-key and related-key attacks. We prove that HPH achieves both multi-key STPRP security andrelated-key STPRP security. HPH can be extended to wide applications. It can be directly applied to authentication andauthenticated encryption modes. We apply HPH to PMAC1 and OPP, provide an improved authentication mode HPMACand a new authenticated encryption mode OPH, and prove that the two modes achieve single-key security, multi-key security,and related-key security.展开更多
基金This work was supported by the National Natural Science Foundation of China under Grant Nos. 61522210 and 61632013,
文摘This paper describes a generalized tweakable blockcipher HPH (Hash-Permutation-Hash), which is based ona public random permutation P and a family of almost-XOR-universal hash functions H={HK}K∈κ as a tweak and keyschedule, and defined as y = HPHK((t1, t2), x) = P(x HK(t1)) HK(t2), where K is a key randomly chosen from a keyspace/C, (tl, t2) is a tweak chosen from a valid tweak space T, x is a plaintext, and y is a ciphertext. We prove that HPHis a secure strong tweakable pseudorandom permutation (STPRP) by using H-coefficients technique. Then we focus on thesecurity of HPH against multi-key and related-key attacks. We prove that HPH achieves both multi-key STPRP security andrelated-key STPRP security. HPH can be extended to wide applications. It can be directly applied to authentication andauthenticated encryption modes. We apply HPH to PMAC1 and OPP, provide an improved authentication mode HPMACand a new authenticated encryption mode OPH, and prove that the two modes achieve single-key security, multi-key security,and related-key security.
