It is known, from the work of Dai et al. (in CRYPTO’17), that the PRF advantage of XORP (bitwise-xor of two outputs of n-bit random permutations with domain separated inputs), against an adversary making q queries, is about q/ 2n for q≤ 2n - 5. The same bound can be easily shown to hold for XORP[ k] (bitwise-xor of k outputs n-bit pseudorandom random permutations with domain separated inputs), for k≥ 3. In this work, we first consider multi-user security of XORP[ 3 ]. We show that the multi-user PRF advantage of XORP[ 3 ] is about uqmax/2n for all qmax≤ 2n/ 12, where u is the number of users and qmax is the maximum number of queries the adversary can make to each user. In the multi-user setup, this implies that XORP[ 3 ] gives security for O(2n) users even allowing almost O(2n) queries to each user. This also indicates significant improvement in the single-user setup (i.e., when u= 1 ), where the distinguishing advantage of the adversary even after making O(2n) queries is O(12n), i.e., negligible. Subsequently, we consider a simple efficient variant of XORP[ 3 ] in which we use five calls to produce 2n bit output (instead of six calls in the case of XORP[ 3 ] ). This variant also achieves similar level of security. As an immediate application, we can construct a variant of block cipher based counter mode which provides much higher security (both in the single-user and the multi-user setup) compared to the security of the encryption part of GCM at the cost of efficiency. © 2021, International Association for Cryptologic Research.