Security of Even–Mansour Ciphers under Key-Dependent Messages

نویسندگان
چکیده

برای دانلود باید عضویت طلایی داشته باشید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Security of Even-Mansour Ciphers under Key-Dependent Messages

The iterated Even–Mansour (EM) ciphers form the basis of many blockcipher designs. Several results have established their security in the CPA/CCA models, under related-key attacks, and in the indifferentiability framework. In this work, we study the Even–Mansour ciphers under key-dependent message (KDM) attacks. KDM security is particularly relevant for blockciphers since non-expanding mechanis...

متن کامل

OAEP Is Secure under Key-Dependent Messages

Key-dependent message security, short KDM security, was introduced by Black, Rogaway and Shrimpton to address the case where key cycles occur among encryptions, e.g., a key is encrypted with itself. We extend this definition to include the cases of adaptive corruptions and arbitrary active attacks, called adKDM security incorporating several novel design choices and substantially differing from...

متن کامل

Encryption-Scheme Security in the Presence of Key-Dependent Messages

Encryption that is only semantically secure should not be used on messages that depend on the underlying secret key; all bets are off when, for example, one encrypts using a shared key K the value K. Here we introduce a new notion of security, KDM security, appropriate for key-dependent messages. The notion makes sense in both the public-key and shared-key settings. For the latter we show that ...

متن کامل

Security Analysis of Key-Alternating Feistel Ciphers

We study the security of key-alternating Feistel ciphers, a class of key-alternating ciphers with a Feistel structure. Alternatively, this may be viewed as the study of Feistel ciphers where the pseudorandom round functions are of the form Fi(x⊕ ki), where ki is the (secret) round key and Fi is a public random function that the adversary is allowed to query in a black-box way. Interestingly, ou...

متن کامل

Tight Security Bounds for Key-Alternating Ciphers

A t-round key-alternating cipher (also called iterated Even-Mansour cipher) can be viewed as an abstraction of AES. It defines a cipher E from t fixed public permutations P1, . . . , Pt : {0, 1} → {0, 1} and a key k = k0‖ · · · ‖kt ∈ {0, 1} by setting Ek(x) = kt⊕Pt(kt−1⊕Pt−1(· · · k1⊕P1(k0⊕ x) · · · )). The indistinguishability of Ek from a truly random permutation by an adversary who also has ...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

ژورنال

عنوان ژورنال: IACR Transactions on Symmetric Cryptology

سال: 2017

ISSN: 2519-173X

DOI: 10.46586/tosc.v2017.i2.84-104