CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Improving upon the TET mode of operation
ICISC'07 Proceedings of the 10th international conference on Information security and cryptology
Invertible universal hashing and the TET encryption mode
CRYPTO'07 Proceedings of the 27th annual international cryptology conference on Advances in cryptology
Tweakable enciphering schemes from hash-sum-expansion
INDOCRYPT'07 Proceedings of the cryptology 8th international conference on Progress in cryptology
Efficient implementations of some tweakable enciphering schemes in reconfigurable hardware
INDOCRYPT'07 Proceedings of the cryptology 8th international conference on Progress in cryptology
HCH: a new tweakable enciphering scheme using the hash-encrypt-hash approach
INDOCRYPT'06 Proceedings of the 7th international conference on Cryptology in India
HCTR: a variable-input-length enciphering mode
CISC'05 Proceedings of the First SKLOIS conference on Information Security and Cryptology
A new mode of encryption providing a tweakable strong pseudo-random permutation
FSE'06 Proceedings of the 13th international conference on Fast Software Encryption
EME*: extending EME to handle arbitrary-length messages with associated data
INDOCRYPT'04 Proceedings of the 5th international conference on Cryptology in India
Automated security proof for symmetric encryption modes
ASIAN'09 Proceedings of the 13th Asian conference on Advances in Computer Science: information Security and Privacy
Building blockcipher from tweakable blockcipher: extending FSE 2009 proposal
IMACC'11 Proceedings of the 13th IMA international conference on Cryptography and Coding
Automated verification of block cipher modes of operation, an improved method
FPS'11 Proceedings of the 4th Canada-France MITACS conference on Foundations and Practice of Security
| Hi-index | 0.01 |
HCTR was proposed by Wang, Feng and Wu in 2005. It is a mode of operation which provides a tweakable strong pseudorandom permutation. Though HCTR is quite an efficient mode, the authors showed a cubic security bound for HCTR which makes it unsuitable for applications where tweakable strong pseudorandom permutations are required. In this paper we show that HCTR has a better security bound than what the authors showed. We prove that the distinguishing advantage of an adversary in distinguishing HCTR and its inverse from a random permutation and its inverse is bounded above by 4.5 茂戮驴2/2n, where nis the block-length of the block-cipher and 茂戮驴is the number of n-block queries made by the adversary (including the tweak).