Minimizing the Two-Round Even-Mansour Cipher

Authors: Shan Chen, Rodolphe Lampe, Jooyoung Lee, Yannick Seurin, John Steinberger

DOI: 10.1007/978-3-662-44371-2_3

Keywords:

Abstract: The r-round (iterated) Even-Mansour cipher (also known as a key-alternating cipher) defines a block cipher from r fixed public n-bit permutations P1, …, Pr as follows: given a sequence of n-bit round keys k0, …, kr, an n-bit plaintext x is encrypted by xoring round key k0, applying permutation P1, xoring round key k1, etc. The (strong) pseudorandomness of this construction in the random permutation model (i.e., when the permutations P1, …, Pr are public random permutation oracles that the adversary can query in a black-box way) was studied in a number of recent papers, culminating with the work of Chen and Steinberger (EUROCRYPT 2014), who proved that the r-round Even-Mansour cipher is indistinguishable from a truly random permutation up to \( \mathcal{O}(2^{\frac{rn}{r+1}}) \) queries of any adaptive adversary (which is an optimal security bound since it matches a simple distinguishing attack). All results in this entire line of work share the common restriction that they only hold under the assumption that the round keys k0, …, kr and the permutations P1, …, Pr are independent. In particular, for two rounds, the current state of knowledge is that the block cipher E(x) = k2 ⊕ P2(k1 ⊕ P1(k0 ⊕ x)) is provably secure up to \( \mathcal{O}(2^{2n/3}) \) queries of the adversary, when k0, k1, and k2 are three independent n-bit keys, and P1 and P2 are two independent random n-bit permutations. In this paper, we ask whether one can obtain a similar bound for the two-round Even-Mansour cipher from just one n-bit key and one n-bit permutation. Our answer is positive: when the three n-bit round keys k0, k1, and k2 are adequately derived from one n-bit master key k, and the same permutation P is used in place of P1 and P2, we prove a qualitatively similar \( \widetilde{\mathcal{O}}(2^{2n/3}) \) security bound (in the random permutation model). To the best of our knowledge, this is the first "beyond the birthday bound" security result for AES-like ciphers that does not assume independent round keys.
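The following toy implementation is an added example for this page; it is not code from the paper or its authors. It builds the r-round Even-Mansour cipher from lookup-table permutations over a small block size (n = 8, so every plaintext can be checked), instantiates the two-round cipher E(x) = k2 ⊕ P2(k1 ⊕ P1(k0 ⊕ x)) with three independent keys and two permutations, and then the single-key, single-permutation variant the abstract describes. The concrete key derivation used for that variant, k0 = k2 = k and k1 = γ(k) with γ a linear orthomorphism (a map such that both γ and γ ⊕ id are bijections), is an assumption of this example: the abstract only says the round keys are "adequately derived" from k. `is_orthomorphism` checks that property by brute force, and `log2_query_bound` evaluates the exponent rn/(r+1) of the Chen-Steinberger bound quoted above.

```python
"""Toy r-round Even-Mansour cipher (added example, not the paper's code).

Block size is n = 8 bits so the construction can be exercised exhaustively.
The key schedule in `minimized_em_encrypt` (k0 = k2 = k, k1 = gamma(k) with
gamma a linear orthomorphism) is an ASSUMPTION of this example; the abstract
only states that the round keys are "adequately derived" from one master key.
"""
import random
from typing import Callable, Sequence

N = 8                       # toy block size n in bits
MASK = (1 << N) - 1


def random_permutation(n: int, seed: int) -> list[int]:
    """A random permutation of {0, ..., 2^n - 1} as a lookup table.

    In the random permutation model the adversary only has oracle access to
    P; for a demonstration we simply expose the table (seeded, so repeatable)."""
    table = list(range(1 << n))
    random.Random(seed).shuffle(table)
    return table


def invert(perm: Sequence[int]) -> list[int]:
    """Inverse lookup table, needed for decryption (P^{-1} queries)."""
    inv = [0] * len(perm)
    for x, y in enumerate(perm):
        inv[y] = x
    return inv


def em_encrypt(x: int, keys: Sequence[int], perms: Sequence[Sequence[int]]) -> int:
    """r-round Even-Mansour: xor k0, apply P1, xor k1, ..., apply Pr, xor kr.

    `keys` holds the r + 1 round keys k0..kr, `perms` the r permutations P1..Pr."""
    if len(keys) != len(perms) + 1:
        raise ValueError("need r permutations and r + 1 round keys")
    state = x ^ keys[0]
    for P, k in zip(perms, keys[1:]):
        state = P[state] ^ k
    return state


def em_decrypt(y: int, keys: Sequence[int], inv_perms: Sequence[Sequence[int]]) -> int:
    """Inverse of em_encrypt; `inv_perms` are the inverse tables of P1..Pr."""
    if len(keys) != len(inv_perms) + 1:
        raise ValueError("need r inverse permutations and r + 1 round keys")
    state = y
    for P_inv, k in zip(reversed(inv_perms), reversed(keys[1:])):
        state = P_inv[state ^ k]
    return state ^ keys[0]


def two_round_em(x: int, k0: int, k1: int, k2: int, P1, P2) -> int:
    """E(x) = k2 xor P2(k1 xor P1(k0 xor x)), the abstract's two-round cipher."""
    return em_encrypt(x, [k0, k1, k2], [P1, P2])


def gamma(k: int, n: int = N) -> int:
    """Linear orthomorphism of F_2^n for even n: (a, b) -> (a xor b, a) on the
    two n/2-bit halves.  Both gamma and (gamma xor identity) are bijections.
    Using this particular map is an assumption of the example."""
    half = n // 2
    a, b = k >> half, k & ((1 << half) - 1)
    return ((a ^ b) << half) | a


def is_orthomorphism(f: Callable[[int], int], n: int) -> bool:
    """Brute-force check that f and x -> f(x) xor x are both permutations."""
    domain = range(1 << n)
    size = 1 << n
    return (len({f(x) for x in domain}) == size
            and len({f(x) ^ x for x in domain}) == size)


def minimized_em_encrypt(x: int, k: int, P: Sequence[int]) -> int:
    """Two rounds from one key and one permutation: k xor P(gamma(k) xor P(k xor x))."""
    return em_encrypt(x, [k, gamma(k), k], [P, P])


def minimized_em_decrypt(y: int, k: int, P_inv: Sequence[int]) -> int:
    return em_decrypt(y, [k, gamma(k), k], [P_inv, P_inv])


def log2_query_bound(r: int, n: int) -> float:
    """log2 of the O(2^{rn/(r+1)}) query bound for r-round Even-Mansour."""
    return r * n / (r + 1)


if __name__ == "__main__":
    P1, P2 = random_permutation(N, seed=1), random_permutation(N, seed=2)
    k0, k1, k2 = 0x3C, 0xA5, 0x5A          # constructed sample keys
    y = two_round_em(0x42, k0, k1, k2, P1, P2)
    assert em_decrypt(y, [k0, k1, k2], [invert(P1), invert(P2)]) == 0x42
    assert is_orthomorphism(gamma, N) and not is_orthomorphism(lambda v: v, N)
    print("two-round bound for n=128: 2^%.1f queries" % log2_query_bound(2, 128))
```

The identity map fails `is_orthomorphism` (γ ⊕ id would be the zero map), which is why the middle round key is γ(k) rather than k itself; whether other derivations are adequate is a question for the paper's proof, not something this example decides. `log2_query_bound(1, n)` gives the classical n/2 birthday bound of single-round Even-Mansour, and `log2_query_bound(2, n)` the 2n/3 bound the abstract states for two rounds.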

References (36)
Peter Gaži, Stefano Tessaro. Efficient and Optimally Secure Key-Length Extension for Block Ciphers via Randomized Cascading. Advances in Cryptology – EUROCRYPT 2012, pp. 63–80 (2012). doi:10.1007/978-3-642-29011-4_6
Jacques Patarin. The "Coefficients H" Technique. Selected Areas in Cryptography, pp. 328–345 (2009). doi:10.1007/978-3-642-04159-4_21
Itai Dinur, Orr Dunkelman, Nathan Keller, Adi Shamir. Key Recovery Attacks on 3-round Even-Mansour, 8-step LED-128, and Full AES2. International Cryptology Conference, pp. 337–356 (2013). doi:10.1007/978-3-642-42033-7_18
Joan Daemen, Vincent Rijmen. The Design of Rijndael. Springer-Verlag New York, Inc. (2002). doi:10.1007/978-3-662-04722-4
Serge Vaudenay. On the Lai-Massey Scheme. Advances in Cryptology – ASIACRYPT '99, LNCS vol. 1716, pp. 8–19 (1999). doi:10.1007/978-3-540-48000-6_2
Xuejia Lai, James L. Massey. A Proposal for a New Block Encryption Standard. Theory and Application of Cryptographic Techniques, pp. 389–404 (1991). doi:10.1007/3-540-46877-3_35
Andrey Bogdanov, Lars R. Knudsen, Gregor Leander, François-Xavier Standaert, John Steinberger, Elmar Tischhauser. Key-Alternating Ciphers in a Provable Setting: Encryption Using a Small Number of Public Permutations. Advances in Cryptology – EUROCRYPT 2012, pp. 45–62 (2012). doi:10.1007/978-3-642-29011-4_5