Tweakable HCTR: A BBB Secure Tweakable Enciphering Scheme

  • Avijit DuttaEmail author
  • Mridul Nandi
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11356)


HCTR, proposed by Wang et al., is one of the most efficient candidates of tweakable enciphering schemes that turns an n-bit block cipher into a variable input length tweakable block cipher. Wang et al. have shown that HCTR offers a cubic security bound against all adaptive chosen plaintext and chosen ciphertext adversaries. Later in FSE 2008, Chakraborty and Nandi have improved its bound to \(O(\sigma ^2/2^n)\), where \(\sigma \) is the total number of blocks queried and n is the block size of the block cipher. In this paper, we propose tweakable HCTR that turns an n-bit tweakable block cipher to a variable input length tweakable block cipher by replacing all the block cipher calls of HCTR with tweakable block cipher. We show that when there is no repetition of the tweak, tweakable HCTR enjoys the optimal security against all adaptive chosen plaintext and chosen ciphertext adversaries. However, if the repetition of the tweak is limited, then the security of the construction remains close to the security bound in no repetition of the tweak case. Hence, it gives a graceful security degradation with the maximum number of repetition of tweaks.


Tweakable enciphering scheme HCTR TSPRP H-Coefficient. 



Authors are supported by the WISEKEY project of R.C.Bose Centre for Cryptology and Security. The authors would like to thank all the anonymous reviewers of Indocrypt 2018 for their invaluable comments and suggestions that help to improve the overall quality of the paper.


  1. 1.
    Bellare, M., Kilian, J., Rogaway, P.: The security of cipher block chaining. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 341–358. Springer, Heidelberg (1994). Scholar
  2. 2.
    Bellare, M., Rogaway, P.: Encode-then-encipher encryption: how to exploit nonces or redundancy in plaintexts for efficient cryptography. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 317–330. Springer, Heidelberg (2000). Scholar
  3. 3.
    Bhaumik, R., Nandi, M.: An inverse-free single-keyed tweakable enciphering scheme. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015, Part II. LNCS, vol. 9453, pp. 159–180. Springer, Heidelberg (2015). Scholar
  4. 4.
    Carter, L., Wegman, M.N.: Universal classes of hash functions. J. Comput. Syst. Sci. 18(2), 143–154 (1979)MathSciNetCrossRefGoogle Scholar
  5. 5.
    Chakraborty, D., Ghosh, S., Sarkar, P.: A fast single-key two-level universal hash function. IACR Trans. Symmetric Cryptol. 2017(1), 106–128 (2017)Google Scholar
  6. 6.
    Chakraborty, D., Nandi, M.: An improved security bound for HCTR. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086, pp. 289–302. Springer, Heidelberg (2008). Scholar
  7. 7.
    Chakraborty, D., Sarkar, P.: HCH: a new tweakable enciphering scheme using the hash-encrypt-hash approach. In: Barua, R., Lange, T. (eds.) INDOCRYPT 2006. LNCS, vol. 4329, pp. 287–302. Springer, Heidelberg (2006). Scholar
  8. 8.
    Chakraborty, D., Sarkar, P.: A new mode of encryption providing a tweakable strong pseudo-random permutation. In: Robshaw, M. (ed.) FSE 2006. LNCS, vol. 4047, pp. 293–309. Springer, Heidelberg (2006). Scholar
  9. 9.
    Chen, S., Lampe, R., Lee, J., Seurin, Y., Steinberger, J.: Minimizing the two-round even-mansour cipher. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014, Part I. LNCS, vol. 8616, pp. 39–56. Springer, Heidelberg (2014). Scholar
  10. 10.
    Daemen, J., Rijmen, V.: Rijndael for AES. In: AES Candidate Conference, pp. 343–348 (2000)Google Scholar
  11. 11.
    Datta, N., Dutta, A., Nandi, M., Yasuda, K.: Encrypt or decrypt? to make a single-key beyond birthday secure nonce-based MAC. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018, Part I. LNCS, vol. 10991, pp. 631–661. Springer, Cham (2018). Scholar
  12. 12.
    Halevi, S.: EME*: extending EME to handle arbitrary-length messages with associated data. In: Canteaut, A., Viswanathan, K. (eds.) INDOCRYPT 2004. LNCS, vol. 3348, pp. 315–327. Springer, Heidelberg (2004). Scholar
  13. 13.
    Halevi, S.: Invertible universal hashing and the TET encryption mode. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 412–429. Springer, Heidelberg (2007). Scholar
  14. 14.
    Halevi, S., Rogaway, P.: A tweakable enciphering mode. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 482–499. Springer, Heidelberg (2003). Scholar
  15. 15.
    Halevi, S., Rogaway, P.: A parallelizable enciphering mode. In: Okamoto, T. (ed.) CT-RSA 2004. LNCS, vol. 2964, pp. 292–304. Springer, Heidelberg (2004). Scholar
  16. 16.
    Jha, A., List, E., Minematsu, K., Mishra, S., Nandi, M.: XHX - A framework for optimally secure tweakable block ciphers from classical block ciphers and universal hashing. IACR Cryptology ePrint Archive 2017, p. 1075 (2017)Google Scholar
  17. 17.
    Lee, J., Luykx, A., Mennink, B., Minematsu, K.: Connecting tweakable and multi-key blockcipher security. Des. Codes Crypt. 86(3), 623–640 (2018)MathSciNetCrossRefGoogle Scholar
  18. 18.
    Luby, M., Rackoff, C.: How to construct pseudorandom permutations from pseudorandom functions. SIAM J. Comput. 17(2), 373–386 (1988)MathSciNetCrossRefGoogle Scholar
  19. 19.
    Mancillas-López, C., Chakraborty, D., Rodríguez-Henríquez, F.: Efficient implementations of some tweakable enciphering schemes in reconfigurable hardware. In: Srinathan, K., Rangan, C.P., Yung, M. (eds.) INDOCRYPT 2007. LNCS, vol. 4859, pp. 414–424. Springer, Heidelberg (2007). Scholar
  20. 20.
    McGrew, D.A., Fluhrer, S.R.: The extended codebook (XCB) mode of operation. IACR Cryptology ePrint Archive 2004, p. 278 (2004)Google Scholar
  21. 21.
    McGrew, D.A., Viega, J.: The security and performance of the galois/counter mode (GCM) of operation. In: Canteaut, A., Viswanathan, K. (eds.) INDOCRYPT 2004. LNCS, vol. 3348, pp. 343–355. Springer, Heidelberg (2004). Scholar
  22. 22.
    Mennink, B.: Towards tight security of cascaded LRW2. IACR Cryptology ePrint Archive 2018, p. 434 (2018)CrossRefGoogle Scholar
  23. 23.
    Minematsu, K.: Beyond-birthday-bound security based on tweakable block cipher. In: Dunkelman, O. (ed.) FSE 2009. LNCS, vol. 5665, pp. 308–326. Springer, Heidelberg (2009). Scholar
  24. 24.
    Minematsu, K., Iwata, T.: Building blockcipher from tweakable blockcipher: extending FSE 2009 Proposal. In: Chen, L. (ed.) IMACC 2011. LNCS, vol. 7089, pp. 391–412. Springer, Heidelberg (2011). Scholar
  25. 25.
    Minematsu, K., Iwata, T.: Tweak-length extension for tweakable blockciphers. In: Groth, J. (ed.) IMACC 2015. LNCS, vol. 9496, pp. 77–93. Springer, Cham (2015). Scholar
  26. 26.
    Minematsu, K., Matsushima, T.: Tweakable enciphering schemes from hash-sum-expansion. In: Srinathan, K., Rangan, C.P., Yung, M. (eds.) INDOCRYPT 2007. LNCS, vol. 4859, pp. 252–267. Springer, Heidelberg (2007). Scholar
  27. 27.
    Naor, M., Reingold, O.: A pseudo-random encryption mode.
  28. 28.
    Naor, M., Reingold, O.: On the construction of pseudorandom permutations: Luby-rackoff revisited. J. Cryptol. 12(1), 29–66 (1999)MathSciNetCrossRefGoogle Scholar
  29. 29.
    National Bureau of Standards. Data encryption standard. Federal Information Processing Standard (1977)Google Scholar
  30. 30.
    Patarin, J.: A proof of security in O(2n) for the Xor of two random permutations. In: Safavi-Naini, R. (ed.) ICITS 2008. LNCS, vol. 5155, pp. 232–248. Springer, Heidelberg (2008). Scholar
  31. 31.
    Jacques, P.: The “Coefficients H” Technique. In: Selected Areas in Cryptography, SAC, , pp. 328–345 (2008)Google Scholar
  32. 32.
    Peyrin, T., Seurin, Y.: Counter-in-tweak: authenticated encryption modes for tweakable block ciphers. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016, Part I. LNCS, vol. 9814, pp. 33–63. Springer, Heidelberg (2016). Scholar
  33. 33.
    Phillip, R., Mihir, B., John, B., Krovetz, T.: O.C.B.: a block-cipher mode of operation for efficient authenticated encryption, In: Proceedings of the 8th ACM Conference on Computer and Communications Security, CCS 2001, Philadelphia, Pennsylvania, USA, 6-8 November 2001, pp. 196–205 (2001)Google Scholar
  34. 34.
    Sarkar, P.: Improving upon the TET mode of operation. In: Nam, K.-H., Rhee, G. (eds.) ICISC 2007. LNCS, vol. 4817, pp. 180–192. Springer, Heidelberg (2007). Scholar
  35. 35.
    Wang, P., Feng, D., Wu, W.: HCTR: a variable-input-length enciphering mode. In: Feng, D., Lin, D., Yung, M. (eds.) CISC 2005. LNCS, vol. 3822, pp. 175–188. Springer, Heidelberg (2005). Scholar
  36. 36.
    Smith, J.L., Ehrsam, W.F., Meyer, C.H.W., Tuchman, W.L.: Message verification and transmission error detection by block chaining. US Patent 4074066 (1976)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. 1.Indian Statistical InstituteKolkataIndia

Personalised recommendations