HCH: A New Tweakable Enciphering Scheme Using the Hash-Encrypt-Hash Approach
The notion and the first construction of a tweakable enciphering scheme, called CMC, was presented by Halevi-Rogaway at Crypto 2003. In this paper, we present HCH, which is a new construction of such a scheme. The construction uses the hash-encrypt-hash approach introduced by Naor-Reingold. This approach has recently been used in the constructions of tweakable enciphering schemes HCTR and PEP. HCH has several advantages over the previous schemes CMC, EME, EME*, HCTR, and PEP. CMC, EME, and EME* use two block-cipher invocations per message block, while HCTR, PEP, and HCH use only one. PEP uses four multiplications per block, while HCTR and HCH use only two. In HCTR, the security bound is cubic, while in HCH security bound is quadratic.
Keywordsmodes of operations tweakable encryption strong pseudo-random permutation
Unable to display preview. Download preview PDF.
- 7.Naor, M., Reingold, O.: A pseudo-random encryption mode (manuscript), Available from: www.wisdom.weizmann.ac.il/~naor