{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,7,7]],"date-time":"2025-07-07T21:23:57Z","timestamp":1751923437220,"version":"3.30.1"},"reference-count":0,"publisher":"Universitatsbibliothek der Ruhr-Universitat Bochum","issue":"4","license":[{"start":{"date-parts":[[2023,12,8]],"date-time":"2023-12-08T00:00:00Z","timestamp":1701993600000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["ToSC"],"abstract":"<jats:p>In this paper, we provide the first analysis of the Iterated Tweakable Even-Mansour cipher with linear tweak and key (or tweakey) mixing, henceforth referred to as TEML, for an arbitrary tweak(ey) size kn for all k \u2265 1, and arbitrary number of rounds r \u2265 2. Note that TEML captures the high-level design paradigm of most of the existing tweakable block ciphers (TBCs), including SKINNY, Deoxys, TweGIFT, TweAES etc. from a provable security point of view. At ASIACRYPT 2015, Cogliati and Seurin initiated the study of TEML by showing that 4-round TEML with a 2n-bit uniform at random key, and n-bit tweak is secure up to 2^{2n\/3} queries. In this work, we extend this line of research in two directions. First, we propose a necessary and sufficient class of linear tweakey schedules to absorb mn-bit tweak(ey) material in a minimal number of rounds, for all m \u2265 1. Second, we give a rigorous provable security treatment for r-round TEML, for all r \u2265 2. In particular, we first show that the 2r-round TEML with a (2r + 1)n-bit key, \u03b1n-bit tweak, and a special class of tweakey schedule is IND-CCA secure up to O(2^{((r\u2212\u03b1)\/r) n}) queries. Our proof crucially relies on the use of the coupling technique to upper-bound the statistical distance of the outputs of TEML cipher from the uniform distribution. Our main technical contribution is a novel approach for computing the probability of failure in coupling, which could be of independent interest for deriving tighter bounds in coupling-based security proofs. Next, we shift our focus to the chosen-key setting, and show that (r + 3)-round TEML, with rn bits of tweakey material and a special class of tweakey schedule, offers some form of resistance to chosen-key attacks. We prove this by showing that r + 3 rounds of TEML are both necessary and sufficient for sequential indifferentiability. As a consequence of our results, we provide a sound provable security footing for the TWEAKEY framework, a high-level design rationale of popular TBCs.<\/jats:p>","DOI":"10.46586\/tosc.v2023.i4.330-364","type":"journal-article","created":{"date-parts":[[2023,12,12]],"date-time":"2023-12-12T06:44:00Z","timestamp":1702363440000},"page":"330-364","source":"Crossref","is-referenced-by-count":1,"title":["On Large Tweaks in Tweakable Even-Mansour with Linear Tweak and Key Mixing"],"prefix":"10.46586","volume":"2023","author":[{"given":"Beno\u00eet","family":"Cogliati","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jordan","family":"Ethan","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ashwin","family":"Jha","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Soumya","family":"Kanti Saha","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"25480","published-online":{"date-parts":[[2023,12,8]]},"container-title":["IACR Transactions on Symmetric Cryptology"],"original-title":[],"link":[{"URL":"https:\/\/tosc.iacr.org\/index.php\/ToSC\/article\/download\/11292\/11536","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/tosc.iacr.org\/index.php\/ToSC\/article\/download\/11292\/11537","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/tosc.iacr.org\/index.php\/ToSC\/article\/download\/11292\/10825","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,12,10]],"date-time":"2024-12-10T14:04:52Z","timestamp":1733839492000},"score":1,"resource":{"primary":{"URL":"https:\/\/tosc.iacr.org\/index.php\/ToSC\/article\/view\/11292"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,12,8]]},"references-count":0,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2023,12,8]]}},"URL":"https:\/\/doi.org\/10.46586\/tosc.v2023.i4.330-364","relation":{},"ISSN":["2519-173X"],"issn-type":[{"type":"electronic","value":"2519-173X"}],"subject":[],"published":{"date-parts":[[2023,12,8]]}}}