On the provable security of BEAR and LION schemes