1. Nanjing University of Posts and Telecommunications, No. 6 Building, School of Computer Science, Nanjing Jiangsu China 210023
2. Southeast University, Room 13-608, Orange Groves, Jiulonghu Campus, Southeast University, Nanjing Jiangsu China 211189
3. University of Science and Technology of China, Hefei, Anhui, Hefei China 230027
4. Institute of Information Engineering Chinese Academy of Sciences, State Key Laboratory of Information Security, Beijing Beijing China 100093
This paper focuses on the multi-user security of the tweakable Even-Mansour cipher. First, we prove that the one-round tweakable Even-Mansour cipher (TEM-1) enjoys multi-user strong tweakable pseudorandom permutation (MU-STPRP) security in the random permutation model. Compared with the multi-user security bounds obtained by the naive hybrid argument and by point-wise proximity, the bound derived directly by the expectation method is the best. Furthermore, the multi-user security of TEM-1 that we derive is very close to the single-user security. Then, we consider the multi-user security of an ideal tweakable blockcipher (TBC). The ideal TBC is proven MU-STPRP secure up to a close-to-optimal birthday bound in the ideal cipher model. Furthermore, by comparison, the bound we derive for TEM-1 is close to the bound of the ideal TBC. Finally, we extend TEM-1 to the $r$-round tweakable Even-Mansour cipher, illustrate two loose bounds on the multi-user security via the naive hybrid argument and point-wise proximity, and analyze the security of the $r$-round TEM cipher in various settings. The multi-user setting has wide applications in cryptography: it can be used in encryption modes, authentication modes, cryptographic protocols, and authenticated encryption modes.
This work was supported by the National Natural Science Foundation of China (Grant Nos. 61522210 and 61632013).