Tweakable Enciphering Schemes from Hash-Sum-Expansion

  • Kazuhiko Minematsu
  • Toshiyasu Matsushima
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4859)


We study a tweakable blockcipher for arbitrarily long messages (also called a tweakable enciphering scheme) that consists of a universal hash function and an expansion, a keyed function with short input and long output. Such schemes, called HCTR and HCH, have recently been proposed. They used (a variant of) the counter mode of a blockcipher for the expansion. We provide a security proof of a structure that underlies HCTR and HCH. We prove that the expansion can be instantiated with any function secure against known-plaintext attacks (KPAs), which is called a weak pseudorandom function (WPRF). As an application of our proof, we provide efficient blockcipher-based schemes comparable to HCH and HCTR. For the double-block-length case, our result is an interesting extension of previous attempts to build a double-block-length cryptographic permutation using a WPRF.
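To make the hash-sum-expansion structure concrete, here is an added Python example (not code from the paper or from the HCTR/HCH authors) laid out as HCTR is: a polynomial universal hash over GF(2^128) folds the message tail and the tweak into the first block, one blockcipher call turns MM into CC, and the sum S = MM xor CC seeds the expansion that enciphers the tail; the closing hash of the ciphertext tail completes the first output block. The blockcipher is a toy HMAC-based Feistel standing in for AES, the expansion is an HMAC PRF in counter mode, and the hash padding and the names `hse_encrypt`/`hse_decrypt` are constructed here so the code runs offline with no dependencies.

```python
import hmac, hashlib

BLOCK, RED = 16, (1 << 128) | 0x87   # 128-bit blocks; GF(2^128) modulus x^128 + x^7 + x^2 + x + 1

def xor(a, b):
    return bytes(p ^ q for p, q in zip(a, b))

def gf_mul(x, y):
    r = 0
    for i in range(128):                  # schoolbook multiply in GF(2)[x]
        r ^= (x << i) if (y >> i) & 1 else 0
    for i in range(254, 127, -1):         # reduce the degree-254 product modulo RED
        r ^= (RED << (i - 128)) if (r >> i) & 1 else 0
    return r

def poly_hash(hkey, data, tweak):   # universal hash H_h: polynomial in h over data, tweak and their bit lengths (constructed)
    msg = data + tweak
    msg += b"\x00" * (-len(msg) % BLOCK) + (8 * len(data)).to_bytes(8, "big") + (8 * len(tweak)).to_bytes(8, "big")
    acc = 0
    for i in range(0, len(msg), BLOCK):   # Horner evaluation, one field multiply per block
        acc = gf_mul(acc ^ int.from_bytes(msg[i:i + BLOCK], "big"), hkey)
    return acc.to_bytes(BLOCK, "big")

def prf(key, label, x):   # HMAC-SHA256 stands in for the keyed function (a PRF is in particular a WPRF)
    return hmac.new(key, label + x, hashlib.sha256).digest()

def feistel(key, block, rounds):   # toy 128-bit blockcipher in place of AES; the inverse is the same rounds reversed
    l, r = block[:8], block[8:]
    for i in rounds:
        l, r = r, xor(l, prf(key, bytes([i]), r)[:8])
    return r + l

def expand(key, s, nbytes):   # expansion: short S -> long keystream, a PRF in counter mode (HCTR/HCH use E_K here)
    return b"".join(prf(key, b"ctr", s + i.to_bytes(4, "big"))[:BLOCK] for i in range(1, nbytes // BLOCK + 2))[:nbytes]

def hse_encrypt(ekey, hkey, tweak, m):
    # hash the tail into the head block, encipher it, let the sum S = MM xor CC drive the expansion, hash back
    assert len(m) >= BLOCK, "HCTR-style schemes need at least one full block"
    m1, rest = m[:BLOCK], m[BLOCK:]
    mm = xor(m1, poly_hash(hkey, rest, tweak))
    cc = feistel(ekey, mm, range(4))
    crest = xor(rest, expand(ekey, xor(mm, cc), len(rest)))
    return xor(cc, poly_hash(hkey, crest, tweak)) + crest

def hse_decrypt(ekey, hkey, tweak, c):
    c1, crest = c[:BLOCK], c[BLOCK:]
    cc = xor(c1, poly_hash(hkey, crest, tweak))
    mm = feistel(ekey, cc, reversed(range(4)))
    rest = xor(crest, expand(ekey, xor(mm, cc), len(crest)))
    return xor(mm, poly_hash(hkey, rest, tweak)) + rest
```

Only `expand` touches the keyed function with short input and long output, so replacing it with any other WPRF leaves `hse_encrypt` and `hse_decrypt` untouched, which is the flexibility the abstract claims for the structure.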


Keywords: Mode of operation, HCTR, HCH, Weak Pseudorandom Function





Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Kazuhiko Minematsu (1, 2)
  • Toshiyasu Matsushima (2)
  1. NEC Corporation, 1753 Shimonumabe, Nakahara-Ku, Kawasaki, Japan
  2. Waseda University, 3-4-1 Okubo, Shinjuku-ku, Tokyo, Japan
