On the Provable Security of the Iterated Even-Mansour Cipher against Related-Key and Chosen-Key Attacks

Abstract : The iterated Even-Mansour cipher is a construction of a block cipher from r public permutations P1,. .. , Pr which abstracts in a generic way the structure of key-alternating ciphers. The indistinguishability of this construction from a truly random permutation by an adversary with oracle access to the inner permutations P1,. .. , Pr has been investigated in a series of recent papers. This construction has also been shown to be (fully) indifferentiable from an ideal cipher for a sufficient number of rounds (five or twelve depending on the assumptions on the key-schedule). In this paper, we extend this line of work by considering the resistance of the iterated Even-Mansour cipher to xor-induced related-key attacks (i.e., related-key attacks where the adversary is allowed to xor any constant of its choice to the secret key) and to chosen-key attacks. For xor-induced related-key attacks, we first provide a distinguishing attack for two rounds, assuming the key-schedule is linear. We then prove that for a linear key-schedule, three rounds yield a cipher which is secure against xor-induced related-key attacks up to O(2 n 2) queries of the adversary, whereas for a nonlinear key-schedule, one round is sufficient to obtain a similar security bound. We also show that the iterated Even-Mansour cipher with four rounds offers some form of provable resistance to chosen-key attacks, which is the minimal number of rounds to achieve this property. The main technical tool that we use to prove this result is sequential indifferentiability, a weakened variant of (full) indifferentiability introduced by Mandal et al. (TCC 2010).
Document type :
Conference papers
Complete list of metadatas

Cited literature [35 references]  Display  Hide  Download

https://hal.uvsq.fr/hal-02163313
Contributor : Mathilde Gallet <>
Submitted on : Monday, July 8, 2019 - 3:37:08 PM
Last modification on : Wednesday, July 10, 2019 - 3:50:43 PM

File

2015-069.pdf
Files produced by the author(s)

Identifiers

Collections

Citation

Benoît Cogliati, Y. Seurin. On the Provable Security of the Iterated Even-Mansour Cipher against Related-Key and Chosen-Key Attacks. 34th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Apr 2015, Sofia, Bulgaria. ⟨10.1007/978-3-662-46800-5_23⟩. ⟨hal-02163313⟩

Share

Metrics

Record views

32

Files downloads

30