An Asymptotically Tight Security Analysis of the Iterated Even-Mansour Cipher

نویسندگان

  • Rodolphe Lampe
  • Jacques Patarin
  • Yannick Seurin
چکیده

We analyze the security of the iterated Even-Mansour cipher (a.k.a. key-alternating cipher), a very simple and natural construction of a blockcipher in the random permutation model. This construction, first considered by Even and Mansour (J. Cryptology, 1997) with a single permutation, was recently generalized to use t permutations in the work of Bogdanov et al. (EUROCRYPT 2012). They proved that the construction is secure up to O(N2/3) queries (where N is the domain size of the permutations), as soon as the number t of rounds is 2 or more. This is tight for t = 2, however in the general case the best known attack requires Ω(N t/(t+1)) queries. In this paper, we give asymptotically tight security proofs for two types of adversaries: 1. for non-adaptive chosen-plaintext adversaries, we prove that the construction achieves an optimal security bound of O(N t/(t+1)) queries; 2. for adaptive chosen-plaintext and ciphertext adversaries, we prove that the construction achieves security up to O(N t/(t+2)) queries (for t even). This improves previous results for t ≥ 6. Our proof crucially relies on the use of a coupling to upper-bound the statistical distance of the outputs of the iterated Even-Mansour cipher to the uniform distribution.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

On the Provable Security of the Tweakable Even-Mansour Cipher Against Multi-Key and Related-Key Attacks

Cogliati et al. introduced the tweakable Even-Mansour cipher constructed from a single permutation and an almost-XORuniversal (AXU) family of hash functions with tweak and key schedule. Most of previous papers considered the security of the (iterated) tweakable Even-Mansour cipher in the single-key setting. In this paper, we focus on the security of the tweakable Even-Mansour cipher in the mult...

متن کامل

Tweakable Blockciphers with Asymptotically Optimal Security

We consider tweakable blockciphers with beyond the birthday bound security. Landecker, Shrimpton, and Terashima (CRYPTO 2012) gave the first construction with security up to O(22n/3) adversarial queries (n denotes the block size in bits of the underlying blockcipher), and for which changing the tweak does not require changing the keys for blockcipher calls. In this paper, we extend this constru...

متن کامل

Tweaking Even-Mansour Ciphers

We study how to construct efficient tweakable block ciphers in the Random Permutation model, where all parties have access to public random permutation oracles. We propose a construction that combines, more efficiently than by mere black-box composition, the CLRW construction (which turns a traditional block cipher into a tweakable block cipher) of Landecker et al. (CRYPTO 2012) and the iterate...

متن کامل

On the Provable Security of the Iterated Even-Mansour Cipher Against Related-Key and Chosen-Key Attacks

The iterated Even-Mansour cipher is a construction of a block cipher from r public permutations P1, . . . , Pr which abstracts in a generic way the structure of key-alternating ciphers. The indistinguishability of this construction from a truly random permutation by an adversary with oracle access to the inner permutations P1, . . . , Pr has been investigated in a series of recent papers. This ...

متن کامل

Cryptanalysis of Iterated Even-Mansour Schemes with Two Keys

The iterated Even-Mansour (EM) scheme is a generalization of the original 1-round construction proposed in 1991, and can use one key, two keys, or completely independent keys. In this paper, we methodically analyze the security of all the possible iterated Even-Mansour schemes with two n-bit keys and up to four rounds, and show that none of them provides more than n-bit security. In particular,...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2012