Key-Alternating ciphers in a provable setting: encryption using a small number of public permutations

Authors:
Andrey Bogdanov;Lars R. Knudsen;Gregor Leander;Francois-Xavier Standaert;John Steinberger;Elmar Tischhauser
Affiliations:
KU Leuven and IBBT, Belgium;Technical University of Denmark, Denmark;Technical University of Denmark, Denmark;UCL Crypto Group, Université catholique de Louvain, Belgium;Tsinghua University, China;KU Leuven and IBBT, Belgium
Venue:
EUROCRYPT'12 Proceedings of the 31st Annual international conference on Theory and Applications of Cryptographic Techniques
Year:
2012

Citing 22
Cited 3

How to construct pseudorandom permutations from pseudorandom functions

SIAM Journal on Computing - Special issue on cryptography
A proposal for a new block encryption standard

EUROCRYPT '90 Proceedings of the workshop on the theory and application of cryptographic techniques on Advances in cryptology
Probability theory and statistical inference: econometric modelling with observational data

Probability theory and statistical inference: econometric modelling with observational data
The Design of Rijndael

The Design of Rijndael
Improving the Upper Bound on the Maximum Average Linear Hull Probability for Rijndael

SAC '01 Revised Papers from the 8th Annual International Workshop on Selected Areas in Cryptography
Limitations of the Even-Mansour Construction

ASIACRYPT '91 Proceedings of the International Conference on the Theory and Applications of Cryptology: Advances in Cryptology
A Construction of a Cioher From a Single Pseudorandom Permutation

ASIACRYPT '91 Proceedings of the International Conference on the Theory and Applications of Cryptology: Advances in Cryptology
On the Lai-Massey Scheme

ASIACRYPT '99 Proceedings of the International Conference on the Theory and Applications of Cryptology and Information Security: Advances in Cryptology
Practically Secure Feistel Cyphers

Fast Software Encryption, Cambridge Security Workshop
New Structure of Block Ciphers with Provable Security against Differential and Linear Cryptanalysis

Proceedings of the Third International Workshop on Fast Software Encryption
The Cipher SHARK

Proceedings of the Third International Workshop on Fast Software Encryption
New Block Encryption Algorithm MISTY

FSE '97 Proceedings of the 4th International Workshop on Fast Software Encryption
The Wide Trail Design Strategy

Proceedings of the 8th IMA International Conference on Cryptography and Coding
PRESENT: An Ultra-Lightweight Block Cipher

CHES '07 Proceedings of the 9th international workshop on Cryptographic Hardware and Embedded Systems
Faster and Timing-Attack Resistant AES-GCM

CHES '09 Proceedings of the 11th International Workshop on Cryptographic Hardware and Embedded Systems
Related-Key Cryptanalysis of the Full AES-192 and AES-256

ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Markov ciphers and differential cryptanalysis

EUROCRYPT'91 Proceedings of the 10th annual international conference on Theory and application of cryptographic techniques
Dial C for cipher: le chiffrement était presque parfait

SAC'06 Proceedings of the 13th international conference on Selected areas in cryptography
The LED block cipher

CHES'11 Proceedings of the 13th international conference on Cryptographic hardware and embedded systems
KFC - The Krazy Feistel Cipher

ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
Key recovery attacks of practical complexity on AES-256 variants with up to 10 rounds

EUROCRYPT'10 Proceedings of the 29th Annual international conference on Theory and Applications of Cryptographic Techniques
Biclique cryptanalysis of the full AES

ASIACRYPT'11 Proceedings of the 17th international conference on The Theory and Application of Cryptology and Information Security

Differential analysis of the LED block cipher

ASIACRYPT'12 Proceedings of the 18th international conference on The Theory and Application of Cryptology and Information Security
An asymptotically tight security analysis of the iterated even-mansour cipher

ASIACRYPT'12 Proceedings of the 18th international conference on The Theory and Application of Cryptology and Information Security
Understanding adaptivity: random systems revisited

ASIACRYPT'12 Proceedings of the 18th international conference on The Theory and Application of Cryptology and Information Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper considers--for the first time--the concept of key-alternating ciphers in a provable security setting. Key-alternating ciphers can be seen as a generalization of a construction proposed by Even and Mansour in 1991. This construction builds a block cipher PX from an n-bit permutation P and two n-bit keys k0 and k1, setting PX{k0,k1} (x) = k1 ⊕ P(x ⊕ k0). Here we consider a (natural) extension of the Even-Mansour construction with t permutations P1,…,Pt and t+1 keys, k0,…, kt. We demonstrate in a formal model that such a cipher is secure in the sense that an attacker needs to make at least 22n/3 queries to the underlying permutations to be able to distinguish the construction from random. We argue further that the bound is tight for t=2 but there is a gap in the bounds for t2, which is left as an open and interesting problem. Additionally, in terms of statistical attacks, we show that the distribution of Fourier coefficients for the cipher over all keys is close to ideal. Lastly, we define a practical instance of the construction with t=2 using AES referred to as AES2. Any attack on AES2 with complexity below 285 will have to make use of AES with a fixed known key in a non-black box manner. However, we conjecture its security is 2128.