On the Provable Security of the Iterated Even-Mansour Cipher Against Related-Key and Chosen-Key Attacks


Ontology type: schema:Chapter      Open Access: True


Chapter Info

DATE

2015-04-14

AUTHORS

Benoît Cogliati , Yannick Seurin

ABSTRACT

The iterated Even-Mansour cipher is a construction of a block cipher from $r$ public permutations $P_1,\ldots,P_r$ which abstracts in a generic way the structure of key-alternating ciphers. The indistinguishability of this construction from a truly random permutation by an adversary with oracle access to the inner permutations $P_1,\ldots,P_r$ has been investigated in a series of recent papers. This construction has also been shown to be (fully) indifferentiable from an ideal cipher for a sufficient number of rounds (five or twelve depending on the assumptions on the key-schedule). In this paper, we extend this line of work by considering the resistance of the iterated Even-Mansour cipher to xor-induced related-key attacks (i.e., related-key attacks where the adversary is allowed to xor any constant of its choice to the secret key) and to chosen-key attacks. For xor-induced related-key attacks, we first provide a distinguishing attack for two rounds, assuming the key-schedule is linear. We then prove that for a linear key-schedule, three rounds yield a cipher which is secure against xor-induced related-key attacks up to $\mathcal{O}(2^{\frac{n}{2}})$ queries of the adversary, whereas for a nonlinear key-schedule, one round is sufficient to obtain a similar security bound. We also show that the iterated Even-Mansour cipher with four rounds offers some form of provable resistance to chosen-key attacks, which is the minimal number of rounds to achieve this property. The main technical tool that we use to prove this result is sequential indifferentiability, a weakened variant of (full) indifferentiability introduced by Mandal et al. (TCC 2010).

PAGES

584-613

Book

TITLE

Advances in Cryptology -- EUROCRYPT 2015

ISBN

978-3-662-46799-2
978-3-662-46800-5

Identifiers

URI

http://scigraph.springernature.com/pub.10.1007/978-3-662-46800-5_23

DOI

http://dx.doi.org/10.1007/978-3-662-46800-5_23

DIMENSIONS

https://app.dimensions.ai/details/publication/pub.1002079458



JSON-LD is the canonical representation for SciGraph data.


[
  {
    "@context": "https://springernature.github.io/scigraph/jsonld/sgcontext.json", 
    "about": [
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/08", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Information and Computing Sciences", 
        "type": "DefinedTerm"
      }, 
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/0804", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Data Format", 
        "type": "DefinedTerm"
      }
    ], 
    "author": [
      {
        "affiliation": {
          "alternateName": "University of Versailles, Versailles, France", 
          "id": "http://www.grid.ac/institutes/grid.12832.3a", 
          "name": [
            "University of Versailles, Versailles, France"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Cogliati", 
        "givenName": "Beno\u00eet", 
        "id": "sg:person.010731237165.96", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.010731237165.96"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "ANSSI, Paris, France", 
          "id": "http://www.grid.ac/institutes/None", 
          "name": [
            "ANSSI, Paris, France"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Seurin", 
        "givenName": "Yannick", 
        "id": "sg:person.011724731171.01", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.011724731171.01"
        ], 
        "type": "Person"
      }
    ], 
    "datePublished": "2015-04-14", 
    "datePublishedReg": "2015-04-14", 
    "description": "The iterated Even-Mansour cipher is a construction of a block cipher from $r$ public permutations $P_1,\\ldots ,P_r$ which abstracts in a generic way the structure of key-alternating ciphers. The indistinguishability of this construction from a truly random permutation by an adversary with oracle access to the inner permutations $P_1,\\ldots ,P_r$ has been investigated in a series of recent papers. This construction has also been shown to be (fully) indifferentiable from an ideal cipher for a sufficient number of rounds (five or twelve depending on the assumptions on the key-schedule). In this paper, we extend this line of work by considering the resistance of the iterated Even-Mansour cipher to xor-induced related-key attacks (i.e., related-key attacks where the adversary is allowed to xor any constant of its choice to the secret key) and to chosen-key attacks. For xor-induced related-key attacks, we first provide a distinguishing attack for two rounds, assuming the key-schedule is linear. We then prove that for a linear key-schedule, three rounds yield a cipher which is secure against xor-induced related-key attacks up to $\\mathcal {O} (2^{\\frac{n}{2}})$ queries of the adversary, whereas for a nonlinear key-schedule, one round is sufficient to obtain a similar security bound. We also show that the iterated Even-Mansour cipher with four rounds offers some form of provable resistance to chosen-key attacks, which is the minimal number of rounds to achieve this property. The main technical tool that we use to prove this result is sequential indifferentiability, a weakened variant of (full) indifferentiability introduced by Mandal et al. (TCC 2010).", 
    "editor": [
      {
        "familyName": "Oswald", 
        "givenName": "Elisabeth", 
        "type": "Person"
      }, 
      {
        "familyName": "Fischlin", 
        "givenName": "Marc", 
        "type": "Person"
      }
    ], 
    "genre": "chapter", 
    "id": "sg:pub.10.1007/978-3-662-46800-5_23", 
    "isAccessibleForFree": true, 
    "isPartOf": {
      "isbn": [
        "978-3-662-46799-2", 
        "978-3-662-46800-5"
      ], 
      "name": "Advances in Cryptology -- EUROCRYPT 2015", 
      "type": "Book"
    }, 
    "keywords": [
      "rounds", 
      "sufficient number", 
      "resistance", 
      "number", 
      "variants", 
      "attacks", 
      "access", 
      "lines", 
      "series", 
      "results", 
      "tool", 
      "form", 
      "line of work", 
      "et al", 
      "minimal number", 
      "weakened variant", 
      "way", 
      "similar security", 
      "recent paper", 
      "key", 
      "work", 
      "properties", 
      "structure", 
      "related-key attacks", 
      "al", 
      "permutations", 
      "technical tools", 
      "random permutation", 
      "paper", 
      "construction", 
      "distinguishing attack", 
      "key attacks", 
      "queries", 
      "security", 
      "generic way", 
      "block cipher", 
      "XOR", 
      "oracle access", 
      "main technical tool", 
      "cipher", 
      "adversary", 
      "indifferentiability", 
      "indistinguishability", 
      "Even-Mansour cipher", 
      "chosen-key attacks", 
      "provable security", 
      "public permutations", 
      "key-alternating ciphers", 
      "inner permutations", 
      "ideal cipher", 
      "provable resistance", 
      "Mandal et al"
    ], 
    "name": "On the Provable Security of the Iterated Even-Mansour Cipher Against Related-Key and Chosen-Key Attacks", 
    "pagination": "584-613", 
    "productId": [
      {
        "name": "dimensions_id", 
        "type": "PropertyValue", 
        "value": [
          "pub.1002079458"
        ]
      }, 
      {
        "name": "doi", 
        "type": "PropertyValue", 
        "value": [
          "10.1007/978-3-662-46800-5_23"
        ]
      }
    ], 
    "publisher": {
      "name": "Springer Nature", 
      "type": "Organisation"
    }, 
    "sameAs": [
      "https://doi.org/10.1007/978-3-662-46800-5_23", 
      "https://app.dimensions.ai/details/publication/pub.1002079458"
    ], 
    "sdDataset": "chapters", 
    "sdDatePublished": "2022-11-24T21:11", 
    "sdLicense": "https://scigraph.springernature.com/explorer/license/", 
    "sdPublisher": {
      "name": "Springer Nature - SN SciGraph project", 
      "type": "Organization"
    }, 
    "sdSource": "s3://com-springernature-scigraph/baseset/20221124/entities/gbq_results/chapter/chapter_107.jsonl", 
    "type": "Chapter", 
    "url": "https://doi.org/10.1007/978-3-662-46800-5_23"
  }
]
 


HOW TO GET THIS DATA PROGRAMMATICALLY:

JSON-LD is a popular format for linked data which is fully compatible with JSON.

curl -H 'Accept: application/ld+json' 'https://scigraph.springernature.com/pub.10.1007/978-3-662-46800-5_23'

N-Triples is a line-based linked data format ideal for batch operations.

curl -H 'Accept: application/n-triples' 'https://scigraph.springernature.com/pub.10.1007/978-3-662-46800-5_23'

Turtle is a human-readable linked data format.

curl -H 'Accept: text/turtle' 'https://scigraph.springernature.com/pub.10.1007/978-3-662-46800-5_23'

RDF/XML is a standard XML format for linked data.

curl -H 'Accept: application/rdf+xml' 'https://scigraph.springernature.com/pub.10.1007/978-3-662-46800-5_23'


 

This table displays all metadata directly associated to this object as RDF triples.

126 TRIPLES      22 PREDICATES      76 URIs      69 LITERALS      7 BLANK NODES

Subject Predicate Object
1 sg:pub.10.1007/978-3-662-46800-5_23 schema:about anzsrc-for:08
2 anzsrc-for:0804
3 schema:author N83c533d1fda14faaa4cff74f10aa6d76
4 schema:datePublished 2015-04-14
5 schema:datePublishedReg 2015-04-14
6 schema:description The iterated Even-Mansour cipher is a construction of a block cipher from $r$ public permutations $P_1,\ldots,P_r$ which abstracts in a generic way the structure of key-alternating ciphers. The indistinguishability of this construction from a truly random permutation by an adversary with oracle access to the inner permutations $P_1,\ldots,P_r$ has been investigated in a series of recent papers. This construction has also been shown to be (fully) indifferentiable from an ideal cipher for a sufficient number of rounds (five or twelve depending on the assumptions on the key-schedule). In this paper, we extend this line of work by considering the resistance of the iterated Even-Mansour cipher to xor-induced related-key attacks (i.e., related-key attacks where the adversary is allowed to xor any constant of its choice to the secret key) and to chosen-key attacks. For xor-induced related-key attacks, we first provide a distinguishing attack for two rounds, assuming the key-schedule is linear. We then prove that for a linear key-schedule, three rounds yield a cipher which is secure against xor-induced related-key attacks up to $\mathcal{O}(2^{\frac{n}{2}})$ queries of the adversary, whereas for a nonlinear key-schedule, one round is sufficient to obtain a similar security bound. We also show that the iterated Even-Mansour cipher with four rounds offers some form of provable resistance to chosen-key attacks, which is the minimal number of rounds to achieve this property. The main technical tool that we use to prove this result is sequential indifferentiability, a weakened variant of (full) indifferentiability introduced by Mandal et al. (TCC 2010).
7 schema:editor N55f45a8354c54e1fa6472988a0485f46
8 schema:genre chapter
9 schema:isAccessibleForFree true
10 schema:isPartOf Ne152982cca7c42a2bcdf67536af9a3ed
11 schema:keywords Even-Mansour cipher
12 Mandal et al
13 XOR
14 access
15 adversary
16 al
17 attacks
18 block cipher
19 chosen-key attacks
20 cipher
21 construction
22 distinguishing attack
23 et al
24 form
25 generic way
26 ideal cipher
27 indifferentiability
28 indistinguishability
29 inner permutations
30 key
31 key attacks
32 key-alternating ciphers
33 line of work
34 lines
35 main technical tool
36 minimal number
37 number
38 oracle access
39 paper
40 permutations
41 properties
42 provable resistance
43 provable security
44 public permutations
45 queries
46 random permutation
47 recent paper
48 related-key attacks
49 resistance
50 results
51 rounds
52 security
53 series
54 similar security
55 structure
56 sufficient number
57 technical tools
58 tool
59 variants
60 way
61 weakened variant
62 work
63 schema:name On the Provable Security of the Iterated Even-Mansour Cipher Against Related-Key and Chosen-Key Attacks
64 schema:pagination 584-613
65 schema:productId N4acdab3aef774c41ac03428de8cf43cf
66 Ncfb0dc9985b744de99f7eb99bc2d613d
67 schema:publisher Nf9b11206f1e048d9a533f7f4db7cd3e8
68 schema:sameAs https://app.dimensions.ai/details/publication/pub.1002079458
69 https://doi.org/10.1007/978-3-662-46800-5_23
70 schema:sdDatePublished 2022-11-24T21:11
71 schema:sdLicense https://scigraph.springernature.com/explorer/license/
72 schema:sdPublisher Nfd1979c2599240079e201e8e0cb4cd9d
73 schema:url https://doi.org/10.1007/978-3-662-46800-5_23
74 sgo:license sg:explorer/license/
75 sgo:sdDataset chapters
76 rdf:type schema:Chapter
77 N3c7669def07b49b2ba3dfc5a878b3e6f schema:familyName Oswald
78 schema:givenName Elisabeth
79 rdf:type schema:Person
80 N4acdab3aef774c41ac03428de8cf43cf schema:name doi
81 schema:value 10.1007/978-3-662-46800-5_23
82 rdf:type schema:PropertyValue
83 N557d716dacb54b08889bfcd8c4b5c574 rdf:first sg:person.011724731171.01
84 rdf:rest rdf:nil
85 N55f45a8354c54e1fa6472988a0485f46 rdf:first N3c7669def07b49b2ba3dfc5a878b3e6f
86 rdf:rest Nca8fb8c2cd0e465b86ca5f7677ef52ee
87 N5f3d85693788403288127b05367aa5e3 schema:familyName Fischlin
88 schema:givenName Marc
89 rdf:type schema:Person
90 N83c533d1fda14faaa4cff74f10aa6d76 rdf:first sg:person.010731237165.96
91 rdf:rest N557d716dacb54b08889bfcd8c4b5c574
92 Nca8fb8c2cd0e465b86ca5f7677ef52ee rdf:first N5f3d85693788403288127b05367aa5e3
93 rdf:rest rdf:nil
94 Ncfb0dc9985b744de99f7eb99bc2d613d schema:name dimensions_id
95 schema:value pub.1002079458
96 rdf:type schema:PropertyValue
97 Ne152982cca7c42a2bcdf67536af9a3ed schema:isbn 978-3-662-46799-2
98 978-3-662-46800-5
99 schema:name Advances in Cryptology -- EUROCRYPT 2015
100 rdf:type schema:Book
101 Nf9b11206f1e048d9a533f7f4db7cd3e8 schema:name Springer Nature
102 rdf:type schema:Organisation
103 Nfd1979c2599240079e201e8e0cb4cd9d schema:name Springer Nature - SN SciGraph project
104 rdf:type schema:Organization
105 anzsrc-for:08 schema:inDefinedTermSet anzsrc-for:
106 schema:name Information and Computing Sciences
107 rdf:type schema:DefinedTerm
108 anzsrc-for:0804 schema:inDefinedTermSet anzsrc-for:
109 schema:name Data Format
110 rdf:type schema:DefinedTerm
111 sg:person.010731237165.96 schema:affiliation grid-institutes:grid.12832.3a
112 schema:familyName Cogliati
113 schema:givenName Benoît
114 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.010731237165.96
115 rdf:type schema:Person
116 sg:person.011724731171.01 schema:affiliation grid-institutes:None
117 schema:familyName Seurin
118 schema:givenName Yannick
119 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.011724731171.01
120 rdf:type schema:Person
121 grid-institutes:None schema:alternateName ANSSI, Paris, France
122 schema:name ANSSI, Paris, France
123 rdf:type schema:Organization
124 grid-institutes:grid.12832.3a schema:alternateName University of Versailles, Versailles, France
125 schema:name University of Versailles, Versailles, France
126 rdf:type schema:Organization