Filters








189 Hits in 4.6 sec

Security of Even–Mansour Ciphers under Key-Dependent Messages

Pooya Farshim, Louiza Khati, Damien Vergnaud
2017 IACR Transactions on Symmetric Cryptology  
In this work, we study the EvenMansour ciphers under key-dependent message (KDM) attacks.  ...  The iterated EvenMansour (EM) ciphers form the basis of many blockcipher designs.  ...  In this paper, we continue this line of work and study the iterated Even-Mansour ciphers under key-dependent message attacks.  ... 
doi:10.46586/tosc.v2017.i2.84-104 fatcat:2dnuezmgpven7nkhptnjohzdru

Security of Even–Mansour Ciphers under Key-Dependent Messages

Pooya Farshim, Louiza Khati, Damien Vergnaud
2017 IACR Transactions on Symmetric Cryptology  
In this work, we study the EvenMansour ciphers under key-dependent message (KDM) attacks.  ...  The iterated EvenMansour (EM) ciphers form the basis of many blockcipher designs.  ...  In this paper, we continue this line of work and study the iterated Even-Mansour ciphers under key-dependent message attacks.  ... 
doi:10.13154/tosc.v2017.i2.84-104 dblp:journals/tosc/FarshimKV17 fatcat:gf3u6vnjxrb2hhv6jw5gkaslhm

Related-Key Forgeries for Prøst-OTR [chapter]

Christoph Dobraunig, Maria Eichlseder, Florian Mendel
2015 Lecture Notes in Computer Science  
The attack exploits how the Prøst permutation is used in an Even-Mansour construction in the Feistel-based OTR mode of operation.  ...  Given the ciphertext and tag for any two messages under two related keys K and K ⊕ ∆ with related nonces, we can forge the ciphertext and tag for a modified message under K.  ...  The work has been supported in part by the Austrian Science Fund (project P26494-N15) and by the Austrian Research Promotion Agency (FFG) and the Styrian Business Promotion Agency (SFG) under grant number  ... 
doi:10.1007/978-3-662-48116-5_14 fatcat:lxzfusctkndbjnraetol2jeegi

Chaskey: An Efficient MAC Algorithm for 32-bit Microcontrollers [chapter]

Nicky Mouha, Bart Mennink, Anthony Van Herrewege, Dai Watanabe, Bart Preneel, Ingrid Verbauwhede
2014 Lecture Notes in Computer Science  
We prove that Chaskey is secure in the standard model, based on the security of an underlying Even-Mansour block cipher.  ...  We propose Chaskey: a very efficient Message Authentication Code (MAC) algorithm for 32-bit microcontrollers.  ...  π, and the two-key Even-Mansour block cipher E X Y (m) = π(m ⊕ X) ⊕ Y .  ... 
doi:10.1007/978-3-319-13051-4_19 fatcat:qk5qnf7utrcordfq7t54ddki6m

Multi-key Security: The Even-Mansour Construction Revisited [chapter]

Nicky Mouha, Atul Luykx
2015 Lecture Notes in Computer Science  
In this paper, we prove that if a small number of plaintexts are encrypted under multiple independent keys, the Even-Mansour construction surprisingly offers similar security as an ideal block cipher with  ...  We hope that the results in this paper will further encourage the use of the Even-Mansour construction, especially when the secure and efficient implementation of a key schedule would result in a significant  ...  From a security point of view, the Even-Mansour block cipher avoids the need to store round keys securely.  ... 
doi:10.1007/978-3-662-47989-6_10 fatcat:o3izd5smcrcvloiybvbbfvfcje

Towards Understanding the Known-Key Security of Block Ciphers [chapter]

Elena Andreeva, Andrey Bogdanov, Bart Mennink
2014 Lecture Notes in Computer Science  
We introduce the notion of known-key indifferentiability to capture the security of such block ciphers under a known key.  ...  We note that known-key indifferentiability is more quickly and tightly attained by multiple Even-Mansour which puts it forward as a construction provably secure against known-key attacks.  ...  Multiple Even-Mansour The multiple Even-Mansour construction relates to the notion of key-alternating ciphers, which itself goes back to Daemen [12] [13] [14] and was used in the design of AES.  ... 
doi:10.1007/978-3-662-43933-3_18 fatcat:lp6gui3ie5g4xckqpkrcfbbjwa

Minimizing the Two-Round Even-Mansour Cipher [chapter]

Shan Chen, Rodolphe Lampe, Jooyoung Lee, Yannick Seurin, John Steinberger
2014 Lecture Notes in Computer Science  
The r-round (iterated) Even-Mansour cipher (also known as key-alternating cipher) defines a block cipher from r fixed public nbit permutations P1, . . . , Pr as follows: given a sequence of n-bit round  ...  In this paper, we ask whether one can obtain a similar bound for the two-round Even-Mansour cipher from just one n-bit key and one n-bit permutation.  ...  Fig. 1 . 1 Two constructions of "minimal" two-round Even-Mansour ciphers provably secure up to O(2 2n The Generalized Even-Mansour Cipher. Fix integers n, r, m, ≥ 1.  ... 
doi:10.1007/978-3-662-44371-2_3 fatcat:wykk3ixrnfecrdv6ousb4i2lse

Symmetric Cryptography (Dagstuhl Seminar 16021)

Frederik Armknecht, Tetsu Iwata, Kaisa Nyberg, Bart Preneel, Marc Herbstritt
2016 Dagstuhl Reports  
It was the fifth in the series of the Dagstuhl seminars "Symmetric Cryptography" held in 2007, 2009, 2012, and 2014.  ...  Abstracts of the presentations were given during the seminar. The first section describes the seminar topics and goals in general.  ...  Even-Mansour Designs. Another strong trend in the current symmetric key cryptography is related to the so-called Even-Mansour designs.  ... 
doi:10.4230/dagrep.6.1.34 dblp:journals/dagstuhl-reports/ArmknechtINP16 fatcat:3p4woms76ncrdm5hkd2iempk74

Minimalism in Cryptography: The Even-Mansour Scheme Revisited [chapter]

Orr Dunkelman, Nathan Keller, Adi Shamir
2012 Lecture Notes in Computer Science  
In the last part of the paper we analyze the security of several other variants of the Even-Mansour scheme, showing that some of them provide the same level of security while in others the lower bound  ...  Once we obtain this tight bound, we can show that the original two-key Even-Mansour scheme is not minimal in the sense that it can be simplified into a single key scheme with half as many key bits which  ...  The Security of Other Variants of the Even-Mansour Scheme In this section we consider two natural variants of the Even-Mansour scheme, and analyze their security.  ... 
doi:10.1007/978-3-642-29011-4_21 fatcat:yvjjziudozgp5by4sid3piaepa

Slidex Attacks on the Even–Mansour Encryption Scheme

Orr Dunkelman, Nathan Keller, Adi Shamir
2013 Journal of Cryptology  
By using this tight security result, we show that a simplified single-key variant of the Even-Mansour scheme has exactly the same security as the original two-key scheme.  ...  The Even-Mansour cryptosystem was developed in 1991 in an attempt to obtain the simplest possible block cipher, using only one publicly known random permutation and two whitening keys.  ...  The Security of Other Variants of the Even-Mansour Scheme In this section we consider several natural variants of the Even-Mansour scheme, and analyze their security.  ... 
doi:10.1007/s00145-013-9164-7 fatcat:abd32q5q45bnrhjj7jzq6dqyqy

Eliminating Random Permutation Oracles in the Even-Mansour Cipher [chapter]

Craig Gentry, Zulfikar Ramzan
2004 Lecture Notes in Computer Science  
Even and Mansour, on the other hand, only showed security against inversion and forgery.  ...  One noteworthy aspect of this result is that the cipher remains secure even though the adversary is permitted separate oracle access to all of the round functions.  ...  Our proof of security holds even if the amount of key material is reduced twofold.  ... 
doi:10.1007/978-3-540-30539-2_3 fatcat:jazu5seexvd55hch5r27tirhr4

Tweaking Even-Mansour Ciphers [chapter]

Benoît Cogliati, Rodolphe Lampe, Yannick Seurin
2015 Lecture Notes in Computer Science  
(CRYPTO 2012) and the iterated Even-Mansour construction (which turns a tuple of public permutations into a traditional block cipher) that has received considerable attention since the work of Bogdanov  ...  More concretely, we introduce the (one-round) tweakable Even-Mansour (TEM) cipher, constructed from a single n-bit permutation P and a uniform and almost XOR-universal family of hash functions (H k ) from  ...  The Iterated Even-Mansour Construction. The iterated Even-Mansour construction abstracts in a generic way the high-level structure of key-alternating ciphers [DR01] .  ... 
doi:10.1007/978-3-662-47989-6_9 fatcat:sjnpm5owevfprdwqr22ztlf7s4

Breaking Symmetric Cryptosystems Using Quantum Period Finding [chapter]

Marc Kaplan, Gaëtan Leurent, Anthony Leverrier, María Naya-Plasencia
2016 Lecture Notes in Computer Science  
On the other hand, the impact of quantum computing on secret key cryptography is much less understood.  ...  This model gives a lot of power to the adversary, but recent results show that it is nonetheless possible to build secure cryptosystems in it.  ...  This work was supported by the Commission of the European Communities through the Horizon 2020 program under project number 645622 PQCRYPTO.  ... 
doi:10.1007/978-3-662-53008-5_8 fatcat:zmmqzo3tn5ggdnuo7axmpc4n2a

Multi-key Analysis of Tweakable Even-Mansour with Applications to Minalpher and OPP

Zhiyuan Guo, Wenling Wu, Renzhang Liu, Liting Zhang
2017 IACR Transactions on Symmetric Cryptology  
The tweakable Even-Mansour construction generalizes the conventional Even-Mansour scheme through replacing round keys by strings derived from a master key and a tweak.  ...  In the present paper, we evaluate the multi-key security of TEM-1, one of the most commonly used one-round tweakable Even-Mansour schemes (formally introduced at CRYPTO 2015), which is constructed from  ...  This work is supported by the National Basic Research Program of China (No.2013CB338002) and National Natural Science Foundation of China (No.61272476, No.61672509, No.61572484).  ... 
doi:10.46586/tosc.v2016.i2.288-306 fatcat:2dg5ktpl3vavzmvl6vcpxkq23q

Quantum-Secure Symmetric-Key Cryptography Based on Hidden Shifts [chapter]

Gorjan Alagic, Alexander Russell
2017 Lecture Notes in Computer Science  
We then establish, under this assumption, the qCPA-security of several such Hidden Shift adaptations of symmetric-key constructions.  ...  We show that a Hidden Shift version of the Even-Mansour block cipher yields a quantum-secure pseudorandom function, and that a Hidden Shift version of the Encrypted CBC-MAC yields a collision-resistant  ...  ., distinguishing an Even-Mansour cipher from a random permutation). Thus, under the Hidden Shift Assumption, the Even-Mansour construction is a qPRF.  ... 
doi:10.1007/978-3-319-56617-7_3 fatcat:x7btopqmzbguzlsunujxqfr7be
« Previous Showing results 1 — 15 out of 189 results