Filters








496 Hits in 6.7 sec

From Distinguishers to Key Recovery: Improved Related-Key Attacks on Even-Mansour [chapter]

Pierre Karpman
2015 Lecture Notes in Computer Science  
RK distinguishers can be converted to key recovery Switch to queries to (k ∆) (Still only one RK class) RKA models (cont.)  ...  Allowing RK distinguishers on EM ≡ allowing (linear-time) RK key recovery mod change of RK class  ... 
doi:10.1007/978-3-319-23318-5_10 fatcat:7kjzeo7oc5bq7kaixqhlg45ek4

Key-Recovery Attacks Against the MAC Algorithm Chaskey [chapter]

Chrysanthi Mavromati
2016 Lecture Notes in Computer Science  
These attacks are based on recent work by Fouque, Joux and Mavromati presented at Asiacrypt 2014 on Even-Mansour based constructions.  ...  In this paper, we present key-recovery attacks against Chaskey in the single and multi-user setting.  ...  Collision-based attacks using the distinguished point technique against the Even-Mansour scheme The distinguished point technique.  ... 
doi:10.1007/978-3-319-31301-6_12 fatcat:apl5cjsqjbc5npbucdgxt5doie

Key Recovery Attacks on Iterated Even–Mansour Encryption Schemes

Itai Dinur, Orr Dunkelman, Nathan Keller, Adi Shamir
2015 Journal of Cryptology  
Despite their generic nature, we show that the attacks can be applied to improve the best known attacks on several concrete ciphers, including the full AES 2 (proposed at Eurocrypt 2012) and reduced-round  ...  Iterated Even-Mansour (EM) encryption schemes (also named "key-alternating ciphers") were extensively studied in recent years as an abstraction of commonly used block ciphers.  ...  A Time-Optimized Attack on 2-Round Iterated Even-Mansour with Independent Subkeys In order to improve the attack, we need to add more filtering conditions, and thus we actually work on triplets, as described  ... 
doi:10.1007/s00145-015-9207-3 fatcat:6laql7jmobdz5gwbxfryu7zmfq

Key Recovery Attacks on 3-round Even-Mansour, 8-step LED-128, and Full AES2 [chapter]

Itai Dinur, Orr Dunkelman, Nathan Keller, Adi Shamir
2013 Lecture Notes in Computer Science  
We then use the new cryptanalytic techniques in order to improve the best known attacks on several concrete EM-like schemes.  ...  The Even-Mansour (EM) encryption scheme received a lot of attention in the last couple of years due to its exceptional simplicity and tight security proofs.  ...  A Time-Optimized Attack on 2-Round Iterated Even-Mansour In order to improve the attack, we need to add more filtering conditions, and thus we actually work on triplets, as described in the improved algorithm  ... 
doi:10.1007/978-3-642-42033-7_18 fatcat:re3nf6of7vdzbbdmyw27aivc3i

Multi-key Analysis of Tweakable Even-Mansour with Applications to Minalpher and OPP

Zhiyuan Guo, Wenling Wu, Renzhang Liu, Liting Zhang
2017 IACR Transactions on Symmetric Cryptology  
The tweakable Even-Mansour construction generalizes the conventional Even-Mansour scheme through replacing round keys by strings derived from a master key and a tweak.  ...  In the present paper, we evaluate the multi-key security of TEM-1, one of the most commonly used one-round tweakable Even-Mansour schemes (formally introduced at CRYPTO 2015), which is constructed from  ...  We are also grateful to Si Gao for providing useful suggestions on the related experiments.  ... 
doi:10.46586/tosc.v2016.i2.288-306 fatcat:2dg5ktpl3vavzmvl6vcpxkq23q

Multi-key Analysis of Tweakable Even-Mansour with Applications to Minalpher and OPP

Zhiyuan Guo, Wenling Wu, Renzhang Liu, Liting Zhang
2017 IACR Transactions on Symmetric Cryptology  
The tweakable Even-Mansour construction generalizes the conventional Even-Mansour scheme through replacing round keys by strings derived from a master key and a tweak.  ...  In the present paper, we evaluate the multi-key security of TEM-1, one of the most commonly used one-round tweakable Even-Mansour schemes (formally introduced at CRYPTO 2015), which is constructed from  ...  We are also grateful to Si Gao for providing useful suggestions on the related experiments.  ... 
doi:10.13154/tosc.v2016.i2.288-306 dblp:journals/tosc/GuoWLZ16 fatcat:besakbj35bgbpm2mfqfocmmwda

Multi-user Collisions: Applications to Discrete Logarithm, Even-Mansour and PRINCE [chapter]

Pierre-Alain Fouque, Antoine Joux, Chrysanthi Mavromati
2014 Lecture Notes in Computer Science  
One possible scenario is to recover a single key in a large set of users more efficiently than to recover a key in the classical model.  ...  We put these two ideas together and we show that in the multi-user Even-Mansour scheme, all the keys of L = N 1/3 users can be found with N 1/3+ queries for each user (where N is the domain size).  ...  Time/Memory/Data Tradeoff Attack on Even-Mansour Attacking Even-Mansour using distinguished points methods.  ... 
doi:10.1007/978-3-662-45611-8_22 fatcat:s2o446bbwncancfpg4m6dpeyxa

Multi-key Security: The Even-Mansour Construction Revisited [chapter]

Nicky Mouha, Atul Luykx
2015 Lecture Notes in Computer Science  
At ASIACRYPT 1991, Even and Mansour introduced a block cipher construction based on a single permutation.  ...  In this paper, we prove that if a small number of plaintexts are encrypted under multiple independent keys, the Even-Mansour construction surprisingly offers similar security as an ideal block cipher with  ...  For a discussion of these attacks and their subsequent improvements, we refer to Sect. 2.3. Evidently, these attacks are also applicable to the Even-Mansour block cipher in the multi-key setting.  ... 
doi:10.1007/978-3-662-47989-6_10 fatcat:o3izd5smcrcvloiybvbbfvfcje

Symmetric Cryptography (Dagstuhl Seminar 16021)

Frederik Armknecht, Tetsu Iwata, Kaisa Nyberg, Bart Preneel, Marc Herbstritt
2016 Dagstuhl Reports  
From January 10-15, 2016, the seminar 16021 in Symmetric Cryptography was held in Schloss Dagstuhl -Leibniz Center for Informatics.  ...  Another strong trend in the current symmetric key cryptography is related to the so-called Even-Mansour designs.  ...  From this model one can the derive formulas for success probability and data complexity in multiple and multidimensional linear key-recovery attacks.  ... 
doi:10.4230/dagrep.6.1.34 dblp:journals/dagstuhl-reports/ArmknechtINP16 fatcat:3p4woms76ncrdm5hkd2iempk74

Population recovery and partial identification

Avi Wigderson, Amir Yehudayoff
2015 Machine Learning  
This graph captures the extent to which certain subsets of coordinates in each vector distinguish it from other vectors.  ...  Our efficient PID graphs imply general algorithms for these recovery problems, even when loss or noise are just below the information-theoretic limit!  ...  We thank Sanjeev Arora, Avrim Blum, Russell Impagliazzo, Dick Karp, Yishay Mansour and Elchanan Mossel for helpful comments on an earlier version of this work.  ... 
doi:10.1007/s10994-015-5489-9 fatcat:2hegmzq6avbi5fhulqsyaa4tlq

Population Recovery and Partial Identification

Avi Wigderson, Amir Yehudayoff
2012 2012 IEEE 53rd Annual Symposium on Foundations of Computer Science  
This graph captures the extent to which certain subsets of coordinates in each vector distinguish it from other vectors.  ...  Our efficient PID graphs imply general algorithms for these recovery problems, even when loss or noise are just below the information-theoretic limit!  ...  We thank Sanjeev Arora, Avrim Blum, Russell Impagliazzo, Dick Karp, Yishay Mansour and Elchanan Mossel for helpful comments on an earlier version of this work.  ... 
doi:10.1109/focs.2012.14 dblp:conf/focs/WigdersonY12 fatcat:7i7yzhkyqbbixl3ykbkaj4jypi

Cryptanalysis of Iterated Even-Mansour Schemes with Two Keys [chapter]

Itai Dinur, Orr Dunkelman, Nathan Keller, Adi Shamir
2014 Lecture Notes in Computer Science  
As a demonstration of the multibridge technique, we devise a new attack on 4 steps of the LED-128 block cipher, reducing the time complexity of the best known attack on this scheme from 2 96 to 2 64 .  ...  The iterated Even-Mansour (EM) scheme is a generalization of the original 1-round construction proposed in 1991, and can use one key, two keys, or completely independent keys.  ...  In addition to their application to iterated Even-Mansour ciphers with two keys, we notice that our techniques can also be combined with statistical distinguishers to give efficient key recovery attacks  ... 
doi:10.1007/978-3-662-45611-8_23 fatcat:ho5gkcthjjbm3fzfga5kgyiemq

Beyond quadratic speedups in quantum attacks on symmetric schemes [article]

Xavier Bonnetain, André Schrottenloher, Ferdinand Sibleyras
2021 arXiv   pre-print
In this paper, we report the first quantum key-recovery attack on a symmetric block cipher design, using classical queries only, with a more than quadratic time speedup compared to the best classical attack  ...  (ASIACRYPT 2019) can be extended to, in particular, attack this construction in quantum time Õ(2^n), providing a 2.5 quantum speedup over the best classical attack.  ...  A typical example is the polynomial-time key-recovery on Even-Mansour of Kuwakado and Morii [44] . Given access to an Even-Mansour cipher EM k1,k2 of unknown key, define f (x) = EM k1,k2 (x)⊕Π(x).  ... 
arXiv:2110.02836v1 fatcat:r5m6f4bqu5hjhdcaliuh3nat2y

On the Provable Security of the Iterated Even-Mansour Cipher Against Related-Key and Chosen-Key Attacks [chapter]

Benoît Cogliati, Yannick Seurin
2015 Lecture Notes in Computer Science  
In this paper, we extend this line of work by considering the resistance of the iterated Even-Mansour cipher to xor-induced related-key attacks (i.e., related-key attacks where the adversary is allowed  ...  For xor-induced related-key attacks, we first provide a distinguishing attack for two rounds, assuming the key-schedule is linear.  ...  Acknowledgment We thank Gaëtan Leurent for pointing to our attention the related-key attack matching the security bound of Theorem 2.  ... 
doi:10.1007/978-3-662-46800-5_23 fatcat:dyikfqk23jcdlanqcjrhhihhbi

An Asymptotically Tight Security Analysis of the Iterated Even-Mansour Cipher [chapter]

Rodolphe Lampe, Jacques Patarin, Yannick Seurin
2012 Lecture Notes in Computer Science  
Our proof crucially relies on the use of a coupling to upper-bound the statistical distance of the outputs of the iterated Even-Mansour cipher to the uniform distribution.  ...  We analyze the security of the iterated Even-Mansour cipher (a.k.a. key-alternating cipher), a very simple and natural construction of a blockcipher in the random permutation model.  ...  We focus on security proofs in this work, but we stress that quite a few papers explored attacks (mainly key-recovery ones) against the Even-Mansour cipher.  ... 
doi:10.1007/978-3-642-34961-4_18 fatcat:3fcgkecjvfa4ba62iygmfn3zl4
« Previous Showing results 1 — 15 out of 496 results