A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2019; you can also visit the original URL.
The file type is `application/pdf`

.

##
###
Eliminating Random Permutation Oracles in the Even-Mansour Cipher
[chapter]

2004
*
Lecture Notes in Computer Science
*

Even and Mansour [EM97] proposed a block cipher construction that takes a publicly computable random permutation oracle P and XORs different keys prior to and after applying P : C = k2 ⊕ P (M ⊕ k1). They did not, however, describe how one could instantiate such a permutation securely. It is a fundamental open problem whether their construction could be proved secure outside the random permutation oracle model. We resolve this question in the affirmative by showing that the construction can be

doi:10.1007/978-3-540-30539-2_3
fatcat:jazu5seexvd55hch5r27tirhr4