On the Provable Security of the Iterated Even-Mansour Cipher against Related-Key and Chosen-Key Attacks - Université de Versailles Saint-Quentin-en-Yvelines Access content directly
Conference Papers Year : 2015

On the Provable Security of the Iterated Even-Mansour Cipher against Related-Key and Chosen-Key Attacks

Abstract

The iterated Even-Mansour cipher is a construction of a block cipher from r public permutations P1,. .. , Pr which abstracts in a generic way the structure of key-alternating ciphers. The indistinguishability of this construction from a truly random permutation by an adversary with oracle access to the inner permutations P1,. .. , Pr has been investigated in a series of recent papers. This construction has also been shown to be (fully) indifferentiable from an ideal cipher for a sufficient number of rounds (five or twelve depending on the assumptions on the key-schedule). In this paper, we extend this line of work by considering the resistance of the iterated Even-Mansour cipher to xor-induced related-key attacks (i.e., related-key attacks where the adversary is allowed to xor any constant of its choice to the secret key) and to chosen-key attacks. For xor-induced related-key attacks, we first provide a distinguishing attack for two rounds, assuming the key-schedule is linear. We then prove that for a linear key-schedule, three rounds yield a cipher which is secure against xor-induced related-key attacks up to O(2 n 2) queries of the adversary, whereas for a nonlinear key-schedule, one round is sufficient to obtain a similar security bound. We also show that the iterated Even-Mansour cipher with four rounds offers some form of provable resistance to chosen-key attacks, which is the minimal number of rounds to achieve this property. The main technical tool that we use to prove this result is sequential indifferentiability, a weakened variant of (full) indifferentiability introduced by Mandal et al. (TCC 2010).
Fichier principal
Vignette du fichier
2015-069.pdf (679.84 Ko) Télécharger le fichier
Origin : Files produced by the author(s)
Loading...

Dates and versions

hal-02163313 , version 1 (08-07-2019)

Identifiers

Cite

Benoît Cogliati, Y. Seurin. On the Provable Security of the Iterated Even-Mansour Cipher against Related-Key and Chosen-Key Attacks. 34th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Apr 2015, Sofia, Bulgaria. ⟨10.1007/978-3-662-46800-5_23⟩. ⟨hal-02163313⟩
57 View
229 Download

Altmetric

Share

Gmail Facebook X LinkedIn More