 Hello, my name is Hwiyoung Kim from South Korea and my presentation title is Hooking Tweakable Even Mensa Cypers. My content is like this. For introduction, I won't give you my research motivation starting with authenticated encryption. Then introduce Tweakable Block Cipher and PocuCyper. At the end of the introduction, I will show you my contribution. Because my research is in Provency Critiscope, I also want to give you my prop sketch briefly. Introduction section. I think everyone here are familiar with authenticated encryption. Authenticated encryption is a type of cryptographic scheme that serves encryption and message authenticated code. This scheme assures privacy and integrity on the data and there are many researches on how to make authenticated encryption. The primary researches focused on combining encryption schemes and MAC, MACDN Encrypt, MACN Encrypt, Encrypt and MAC are the example. But it is natural that directly making authenticated encryption scheme will be more efficient than combining two different schemes. OCB is representative authenticated encryption scheme. AEAD, authenticated encryption with associated data is somewhat developed version of authenticated encryption. It has additional input associated data that doesn't demand privacy but demand integrity. By adding associated data AEAD can perform every cryptographic functions. If you want MAC, you can make only associated data input and get TAG. If you want encryption, you can make message input and get ciphertext. For authenticated encryption, you can make message input and get ciphertext and TAG. The question starts here because AEAD contains all symmetric script of structures. If someone want to make AEAD, the primitive doesn't have to be a block cipher. From this idea, many researchers studied new cryptographic primitives. Tweakable block cipher is a pioneer. Tweakable block cipher has additional input compared to block cipher. Tweak. Tweak is a public input that makes usability on the block cipher. CETA-CB is the representative Tweakable block cipher based AEAD. It makes some revision on OCB and in 2019, the next primitive arrives. Pox cipher makes additional output to Tweakable block cipher. It seems that the message input is propped to two different outputs, C0 and C1. That's why the cipher is a poc cipher. The also of the poc cipher also suggested corresponding AEAD. PAEF is one of that, like the light below. This is the table for AEAD according to primitive ciphers. These AEAD schemes are the most basic AEAD schemes. You can see OCB has a birthday band and the others have full security. The authors of poc cipher emphasized that PAEF has no constant for cipher call. That means fast as short message. From here, we started our research. Poc cipher was new cryptography primitive. Therefore, there was no research on poc cipher with probable security perspective. We set probable security model for poc cipher and also the most simple poc cipher structure FTEM, poc ccable even measure. And we proved FTEM has two-thirds of N with security, which means pocking do not degrade the security. Next, our security proof section. We first want to show you how we construct FTEM structure. Below is two-round even measure construction. In 2015, the security for two-round T-cable even measure construction is proved. They substituted kiss in even measures to tweak it. We don't make detail about tweak it today. From two-round TEM, we made FTEM structure like this. Because two-round TEM uses two different permutation and two tweak it, we made poc on two-round TEM with one more permutation and tweak it. If you think one-round TEM has permutation with masking tweak it at pulled and backward, FTEM can be thought as one-round TEM, then poc, and one-round TEM respectively. In probable security, when we say some construction is secure, it means the construction is indistinguishable with ideal random construction. For a block cipher, it will be random permutation. And for a tweakable block cipher, it will be random tweakable permutation. Then for a poc tweakable block cipher, what is its ideal symmetric construction? We made it as two concatenated tweakable permutation. It means if you made construction query to ideal world oracle, the oracle returns two outputs of different tweakable permutations, tilde q and tilde r. We probed security of FTEM with HE coefficient technique. Briefly speaking, HE coefficient technique separates all possible events with bad and good case. Then upper bounding bad case probability and good case probability difference, we can probe its security. We showed a brief sketch of our probe. We have five bad cases, and this slide shows representative four cases, because permutation p1, p2, and p3 are public permutations, there can exist collision with permutation and FTEM structure. And FTEM uses this tweaky, there can also exist collision between distinct FTEM queries. The black ball means collision between FTEM permutation, and white ball means collision between FTEM queries. For example, bad stream means two different FTEM queries made collision with permutation calls individually and make white ball collision between them at another permutation. With these basic cases, we could up bound bad probability and good probability difference like below. The total security is like this. It seems somewhat complicated, but the point is it has two-thirds of N-bit security, same with two-round evamancer. The TEM paper showed tweaking do not degrade the security with two-round evamancer, and we showed poking also do not degrade each security. This is our summary. PokeCyper is a cyper that has one input and two outputs, and efficient in short message AEAD. And poked tweakable evamancer, the most simple model of pokecyper, has two-thirds of N-bit security, same order with two-round evamancer. And there are some natural ways to expand our result. If you send the poke round or multi poke and multi user security, my presentation is over, and thank you for listening.