This paper considers--for the first time--the concept of key-alternating ciphers in a provable security setting. Key-alternating ciphers can be seen as a generalization of a construction proposed by Even and Mansour in 1991. This construction builds a block cipher PX from an n-bit permutation P and two n-bit keys k0 and k1, setting PX_{k0,k1}(x) = k1 ⊕ P(x ⊕ k0). Here we consider a (natural) extension of the Even-Mansour construction with t permutations P1,…,Pt and t+1 keys, k0,…,kt. We demonstrate in a formal model that such a cipher is secure in the sense that an attacker needs to make at least 2^{2n/3} queries to the underlying permutations to be able to distinguish the construction from random. We argue further that the bound is tight for t=2 but there is a gap in the bounds for t>2, which is left as an open and interesting problem. Additionally, in terms of statistical attacks, we show that the distribution of Fourier coefficients for the cipher over all keys is close to ideal. Lastly, we define a practical instance of the construction with t=2 using AES referred to as AES2. Any attack on AES2 with complexity below 2^{85} will have to make use of AES with a fixed known key in a non-black box manner. However, we conjecture its security is 2^{128}.
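The key-alternating construction described above, written out as an added example that is not code from the paper: t public permutations and t+1 keys, with t=1 giving the Even-Mansour form k1 ⊕ P(x ⊕ k0). The 16-bit block size, the seeded-shuffle stand-ins for P1,…,Pt and all function names are assumptions made for illustration; the paper's AES2 instance uses AES as the underlying permutation with t=2.

```python
import random

N_BITS = 16  # toy block size n (assumption; chosen so the full table fits in memory)


def make_public_permutation(seed):
    """Return (table, inverse) for a fixed, publicly known n-bit permutation.

    Constructed stand-in for one of P1..Pt: a seeded shuffle of all 2^n
    values. It is not cryptographically strong.
    """
    table = list(range(1 << N_BITS))
    random.Random(seed).shuffle(table)
    inverse = [0] * len(table)
    for x, y in enumerate(table):
        inverse[y] = x
    return table, inverse


def _check(perms, keys, block):
    if len(keys) != len(perms) + 1:
        raise ValueError("t permutations need exactly t+1 keys")
    if any(v >> N_BITS for v in list(keys) + [block]):
        raise ValueError("keys and block must be n-bit non-negative values")


def encrypt(perms, keys, x):
    """E(x) = k_t ^ P_t( ... k_1 ^ P_1(x ^ k_0) ... )."""
    _check(perms, keys, x)
    state = x ^ keys[0]                      # whitening with k_0
    for (table, _), k in zip(perms, keys[1:]):
        state = table[state] ^ k             # apply P_i, then add k_i
    return state


def decrypt(perms, keys, y):
    """Undo the rounds in reverse order using the inverse permutations."""
    _check(perms, keys, y)
    state = y
    for (_, inverse), k in zip(reversed(perms), reversed(keys[1:])):
        state = inverse[state ^ k]           # remove k_i, then apply P_i^-1
    return state ^ keys[0]


def demo():
    perms = [make_public_permutation(seed) for seed in (1, 2)]  # t = 2
    keys = [0x1A2B, 0x3C4D, 0x5E6F]                             # constructed keys
    ct = encrypt(perms, keys, 0x0123)
    return ct, decrypt(perms, keys, ct)
```

Only the keys are secret here; the permutation tables are public, which is the setting in which the query bound in the abstract is stated.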