Security of Even–Mansour Ciphers under Key-Dependent Messages
Similar resources
Security of Even-Mansour Ciphers under Key-Dependent Messages
The iterated Even–Mansour (EM) ciphers form the basis of many blockcipher designs. Several results have established their security in the CPA/CCA models, under related-key attacks, and in the indifferentiability framework. In this work, we study the Even–Mansour ciphers under key-dependent message (KDM) attacks. KDM security is particularly relevant for blockciphers since non-expanding mechanis...
OAEP Is Secure under Key-Dependent Messages
Key-dependent message security, short KDM security, was introduced by Black, Rogaway and Shrimpton to address the case where key cycles occur among encryptions, e.g., a key is encrypted with itself. We extend this definition to include the cases of adaptive corruptions and arbitrary active attacks, called adKDM security incorporating several novel design choices and substantially differing from...
Encryption-Scheme Security in the Presence of Key-Dependent Messages
Encryption that is only semantically secure should not be used on messages that depend on the underlying secret key; all bets are off when, for example, one encrypts using a shared key K the value K. Here we introduce a new notion of security, KDM security, appropriate for key-dependent messages. The notion makes sense in both the public-key and shared-key settings. For the latter we show that ...
Security Analysis of Key-Alternating Feistel Ciphers
We study the security of key-alternating Feistel ciphers, a class of key-alternating ciphers with a Feistel structure. Alternatively, this may be viewed as the study of Feistel ciphers where the pseudorandom round functions are of the form $F_i(x \oplus k_i)$, where $k_i$ is the (secret) round key and $F_i$ is a public random function that the adversary is allowed to query in a black-box way. Interestingly, ou...
Tight Security Bounds for Key-Alternating Ciphers
A t-round key-alternating cipher (also called iterated Even-Mansour cipher) can be viewed as an abstraction of AES. It defines a cipher $E$ from $t$ fixed public permutations $P_1, \ldots, P_t : \{0,1\} \to \{0,1\}$ and a key $k = k_0 \| \cdots \| k_t \in \{0,1\}$ by setting $E_k(x) = k_t \oplus P_t(k_{t-1} \oplus P_{t-1}(\cdots k_1 \oplus P_1(k_0 \oplus x) \cdots))$. The indistinguishability of $E_k$ from a truly random permutation by an adversary who also has ...
Journal
Journal title: IACR Transactions on Symmetric Cryptology
Year: 2017
ISSN: 2519-173X
DOI: 10.46586/tosc.v2017.i2.84-104