Limitations of the Even-Mansour Construction
نویسنده
چکیده
In [1] a construction of a block cipher from a single pseudorandom permutation is proposed. In a complexity theoretical setting they prove that this scheme is secure against a polynomially bounded adversary. In this paper it is shown that this construction suffers from severe limitations that are immediately apparent if differential cryptanalysis [3] is performed. The fact that these limitations do not contradict the theoretical results obtained in [1] leads the authors to question the relevance of computational complexity theory in practical conventional cryptography.
منابع مشابه
Multi-key Security: The Even-Mansour Construction Revisited
At ASIACRYPT 1991, Even and Mansour introduced a block cipher construction based on a single permutation. Their construction has since been lauded for its simplicity, yet also criticized for not providing the same security as other block ciphers against generic attacks. In this paper, we prove that if a small number of plaintexts are encrypted under multiple independent keys, the Even-Mansour c...
متن کاملBeyond-Birthday-Bound Security for Tweakable Even-Mansour Ciphers with Linear Tweak and Key Mixing
The iterated Even-Mansour construction defines a block cipher from a tuple of public n-bit permutations (P1, . . . , Pr) by alternatively xoring some n-bit round key ki, i = 0, . . . , r, and applying permutation Pi to the state. The tweakable Even-Mansour construction generalizes the conventional Even-Mansour construction by replacing the n-bit round keys by n-bit strings derived from a master...
متن کاملAn Asymptotically Tight Security Analysis of the Iterated Even-Mansour Cipher
We analyze the security of the iterated Even-Mansour cipher (a.k.a. key-alternating cipher), a very simple and natural construction of a blockcipher in the random permutation model. This construction, first considered by Even and Mansour (J. Cryptology, 1997) with a single permutation, was recently generalized to use t permutations in the work of Bogdanov et al. (EUROCRYPT 2012). They proved th...
متن کاملBalanced permutations Even-Mansour ciphers
The r-rounds Even–Mansour block cipher is a generalization of the well known Even–Mansour block cipher to r iterations. Attacks on this construction were described by Nikolić et al. and Dinur et al. for r = 2, 3. These attacks are only marginally better than brute force but are based on an interesting observation (due to Nikolić et al.): for a “typical” permutation P, the distribution of P(x)⊕ ...
متن کاملTweaking Even-Mansour Ciphers
We study how to construct efficient tweakable block ciphers in the Random Permutation model, where all parties have access to public random permutation oracles. We propose a construction that combines, more efficiently than by mere black-box composition, the CLRW construction (which turns a traditional block cipher into a tweakable block cipher) of Landecker et al. (CRYPTO 2012) and the iterate...
متن کامل