SCIENCE CHINA Information Sciences, https://doi.org/10.1007/s11432-018-9757-4

Multi-User Security of the Tweakable Even-Mansour Cipher

More info


This paper focuses on the multi-user security of the tweakable Even-Mansour cipher. Firstly, we prove that the one-round tweakable Even-Mansour cipher (TEM-1) enjoys multi-user strong tweakable pseudorandom permutation (MU-STPRP) security in the random permutation model. Compared with the bounds of the multi-user security obtained by naive hybrid argument and point-wise proximity, the bound of the multi-user security directly derived by the expectation method is the best. Furthermore, the multi-user security of TEM-1 we derive is very close to the single-user security. Then, we consider the multi-user security of an ideal tweakable blockcipher (TBC). The ideal TBC is proven MU-STPRP secure up to close-to-optimal birthday-bound in the ideal cipher model. Furthermore, by comparison, the bound of TEM-1 we derive is close to the bound of the ideal TBC. Finally, we extend TEM-1 to the $r$-round tweakable Even-Mansour cipher, illustrate two loose bounds of the multi-user security via naive hybrid argument and point-wise proximity, and analyze the security of the $r$-round TEM cipher in various settings. The multi-user setting has wide applications in cryptography. It can be used in encryption modes, authentication modes, cryptographic protocols, and authenticated encryption modes.

Funded by

This work was supported by National Natural Science Foundation of China (Grant Nos. 61522210 and 61632013).