Tweaking Even-Mansour Ciphers
نویسندگان
چکیده
We study how to construct efficient tweakable block ciphers in the Random Permutation model, where all parties have access to public random permutation oracles. We propose a construction that combines, more efficiently than by mere black-box composition, the CLRW construction (which turns a traditional block cipher into a tweakable block cipher) of Landecker et al. (CRYPTO 2012) and the iterated Even-Mansour construction (which turns a tuple of public permutations into a traditional block cipher) that has received considerable attention since the work of Bogdanov et al. (EUROCRYPT 2012). More concretely, we introduce the (one-round) tweakable Even-Mansour (TEM) cipher, constructed from a single n-bit permutation P and a uniform and almost XOR-universal family of hash functions (Hk) from some tweak space to {0, 1}, and defined as (k, t, x) 7→ Hk(t) ⊕ P (Hk(t) ⊕ x), where k is the key, t is the tweak, and x is the n-bit message, as well as its generalization obtained by cascading r independently keyed rounds of this construction. Our main result is a security bound up to approximately 22n/3 adversarial queries against adaptive chosen-plaintext and ciphertext distinguishers for the two-round TEM construction, using Patarin’s H-coefficients technique. We also provide an analysis based on the coupling technique showing that asymptotically, as the number of rounds r grows, the security provided by the r-round TEM construction approaches the information-theoretic bound of 2 adversarial queries.
منابع مشابه
The QARMA Block Cipher Family
This paper introduces QARMA, a new family of lightweight tweakable block ciphers targeted at applications such as memory encryption, the generation of very short tags for hardware-assisted prevention of software exploitation, and the construction of keyed hash functions. QARMA is inspired by reflection ciphers such as PRINCE, to which it adds a tweaking input, and MANTIS. However, QARMA differs...
متن کاملNew Key Recovery Attacks on Minimal Two-Round Even-Mansour Ciphers
We propose new key recovery attacks on the two minimal two-round n-bit Even-Mansour ciphers that are secure up to 2 queries against distinguishing attacks proved by Chen et al. Our attacks are based on the meet-in-the-middle technique which can significantly reduce the data complexity. In particular, we introduce novel matching techniques which enable us to compute one of the two permutations w...
متن کاملSecurity of Even-Mansour Ciphers under Key-Dependent Messages
The iterated Even–Mansour (EM) ciphers form the basis of many blockcipher designs. Several results have established their security in the CPA/CCA models, under related-key attacks, and in the indifferentiability framework. In this work, we study the Even–Mansour ciphers under key-dependent message (KDM) attacks. KDM security is particularly relevant for blockciphers since non-expanding mechanis...
متن کاملTowards Understanding the Known-Key Security of Block Ciphers
Known-key distinguishers for block ciphers were proposed by Knudsen and Rijmen at ASIACRYPT 2007 and have been a major research topic in cryptanalysis since then. A formalization of known-key attacks in general is known to be difficult. In this paper, we tackle this problem for the case of block ciphers based on ideal components such as random permutations and random functions as well as propos...
متن کاملThe Related-Key Security of Iterated Even-Mansour Ciphers
The simplicity and widespread use of blockciphers based on the iterated Even–Mansour (EM) construction has sparked recent interest in the theoretical study of their security. Previous work has established their strong pseudorandom permutation and indifferentiability properties, with some matching lower bounds presented to demonstrate tightness. In this work we initiate the study of the EM ciphe...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2015 شماره
صفحات -
تاریخ انتشار 2015