Tweaking Even-Mansour Ciphers


Ontology type: schema:Chapter     


Chapter Info

DATE

2015-08-01

AUTHORS

Benoît Cogliati, Rodolphe Lampe, Yannick Seurin

ABSTRACT

We study how to construct efficient tweakable block ciphers in the Random Permutation model, where all parties have access to public random permutation oracles. We propose a construction that combines, more efficiently than by mere black-box composition, the CLRW construction (which turns a traditional block cipher into a tweakable block cipher) of Landecker et al. (CRYPTO 2012) and the iterated Even-Mansour construction (which turns a tuple of public permutations into a traditional block cipher) that has received considerable attention since the work of Bogdanov et al. (EUROCRYPT 2012). More concretely, we introduce the (one-round) tweakable Even-Mansour (TEM) cipher, constructed from a single n-bit permutation P and a uniform and almost XOR-universal family of hash functions $(H_k)$ from some tweak space to $\{0,1\}^n$, and defined as $(k,t,x)\mapsto H_k(t)\oplus P(H_k(t)\oplus x)$, where k is the key, t is the tweak, and x is the n-bit message, as well as its generalization obtained by cascading r independently keyed rounds of this construction.
Our main result is a security bound up to approximately $2^{2n/3}$ adversarial queries against adaptive chosen-plaintext and ciphertext distinguishers for the two-round TEM construction, using Patarin's H-coefficients technique. We also provide an analysis based on the coupling technique showing that asymptotically, as the number of rounds r grows, the security provided by the r-round TEM construction approaches the information-theoretic bound of $2^n$ adversarial queries.

PAGES

189-208

Book

TITLE

Advances in Cryptology -- CRYPTO 2015

ISBN

978-3-662-47988-9
978-3-662-47989-6

Identifiers

URI

http://scigraph.springernature.com/pub.10.1007/978-3-662-47989-6_9

DOI

http://dx.doi.org/10.1007/978-3-662-47989-6_9

DIMENSIONS

https://app.dimensions.ai/details/publication/pub.1041121218



JSON-LD is the canonical representation for SciGraph data.


[
  {
    "@context": "https://springernature.github.io/scigraph/jsonld/sgcontext.json", 
    "about": [
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/08", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Information and Computing Sciences", 
        "type": "DefinedTerm"
      }, 
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/0804", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Data Format", 
        "type": "DefinedTerm"
      }
    ], 
    "author": [
      {
        "affiliation": {
          "alternateName": "University of Versailles, Versailles, France", 
          "id": "http://www.grid.ac/institutes/grid.12832.3a", 
          "name": [
            "University of Versailles, Versailles, France"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Cogliati", 
        "givenName": "Beno\u00eet", 
        "id": "sg:person.010731237165.96", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.010731237165.96"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "University of Versailles, Versailles, France", 
          "id": "http://www.grid.ac/institutes/grid.12832.3a", 
          "name": [
            "University of Versailles, Versailles, France"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Lampe", 
        "givenName": "Rodolphe", 
        "id": "sg:person.013502647333.10", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.013502647333.10"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "ANSSI, Paris, France", 
          "id": "http://www.grid.ac/institutes/None", 
          "name": [
            "ANSSI, Paris, France"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Seurin", 
        "givenName": "Yannick", 
        "id": "sg:person.011724731171.01", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.011724731171.01"
        ], 
        "type": "Person"
      }
    ], 
    "datePublished": "2015-08-01", 
    "datePublishedReg": "2015-08-01", 
    "description": "We study how to construct efficient tweakable block ciphers in the Random Permutation model, where all parties have access to public random permutation oracles. We propose a construction that combines, more efficiently than by mere black-box composition, the CLRW construction (which turns a traditional block cipher into a tweakable block cipher) of Landecker et al. (CRYPTO\u00a02012) and the iterated Even-Mansour construction (which turns a tuple of public permutations into a traditional block cipher) that has received considerable attention since the work of Bogdanov et al. (EUROCRYPT\u00a02012). More concretely, we introduce the (one-round) tweakable Even-Mansour (TEM) cipher, constructed from a single n-bit permutation P and a uniform and almost XOR-universal family of hash functions $(H_k)$ from some tweak space to $\\{0,1\\}^n$, and defined as $(k,t,x)\\mapsto H_k(t)\\oplus P(H_k(t)\\oplus x)$, where k is the key, t is the tweak, and x is the n-bit message, as well as its generalization obtained by cascading r independently keyed rounds of this construction. Our main result is a security bound up\u00a0to approximately $2^{2n/3}$ adversarial queries against adaptive chosen-plaintext and ciphertext distinguishers for the two-round TEM construction, using Patarin\u2019s H-coefficients technique. We also provide an analysis based on the coupling technique showing that asymptotically, as the number of rounds r grows, the security provided by the r-round TEM construction approaches the information-theoretic bound of $2^n$ adversarial queries.", 
    "editor": [
      {
        "familyName": "Gennaro", 
        "givenName": "Rosario", 
        "type": "Person"
      }, 
      {
        "familyName": "Robshaw", 
        "givenName": "Matthew", 
        "type": "Person"
      }
    ], 
    "genre": "chapter", 
    "id": "sg:pub.10.1007/978-3-662-47989-6_9", 
    "isAccessibleForFree": false, 
    "isPartOf": {
      "isbn": [
        "978-3-662-47988-9", 
        "978-3-662-47989-6"
      ], 
      "name": "Advances in Cryptology -- CRYPTO 2015", 
      "type": "Book"
    }, 
    "keywords": [
      "construction", 
      "messages", 
      "parties", 
      "access", 
      "oracle", 
      "considerable attention", 
      "attention", 
      "work", 
      "family", 
      "space", 
      "security", 
      "queries", 
      "cipher", 
      "et al", 
      "key", 
      "generalization", 
      "rounds", 
      "analysis", 
      "grows", 
      "model", 
      "composition", 
      "al", 
      "uniform", 
      "function", 
      "main results", 
      "results", 
      "technique", 
      "number", 
      "TWEAK", 
      "tweakable block cipher", 
      "block cipher", 
      "random permutation model", 
      "permutation model", 
      "random permutation oracle", 
      "black-box composition", 
      "Even-Mansour construction", 
      "Bogdanov et al", 
      "Even-Mansour cipher", 
      "permutation P", 
      "hash function", 
      "tweak space", 
      "n-bit message", 
      "adversarial queries", 
      "distinguisher", 
      "H-coefficient technique", 
      "coupling technique", 
      "Mansour ciphers"
    ], 
    "name": "Tweaking Even-Mansour Ciphers", 
    "pagination": "189-208", 
    "productId": [
      {
        "name": "dimensions_id", 
        "type": "PropertyValue", 
        "value": [
          "pub.1041121218"
        ]
      }, 
      {
        "name": "doi", 
        "type": "PropertyValue", 
        "value": [
          "10.1007/978-3-662-47989-6_9"
        ]
      }
    ], 
    "publisher": {
      "name": "Springer Nature", 
      "type": "Organisation"
    }, 
    "sameAs": [
      "https://doi.org/10.1007/978-3-662-47989-6_9", 
      "https://app.dimensions.ai/details/publication/pub.1041121218"
    ], 
    "sdDataset": "chapters", 
    "sdDatePublished": "2022-12-01T06:49", 
    "sdLicense": "https://scigraph.springernature.com/explorer/license/", 
    "sdPublisher": {
      "name": "Springer Nature - SN SciGraph project", 
      "type": "Organization"
    }, 
    "sdSource": "s3://com-springernature-scigraph/baseset/20221201/entities/gbq_results/chapter/chapter_254.jsonl", 
    "type": "Chapter", 
    "url": "https://doi.org/10.1007/978-3-662-47989-6_9"
  }
]

HOW TO GET THIS DATA PROGRAMMATICALLY:

JSON-LD is a popular format for linked data which is fully compatible with JSON.

curl -H 'Accept: application/ld+json' 'https://scigraph.springernature.com/pub.10.1007/978-3-662-47989-6_9'

N-Triples is a line-based linked data format ideal for batch operations.

curl -H 'Accept: application/n-triples' 'https://scigraph.springernature.com/pub.10.1007/978-3-662-47989-6_9'

Turtle is a human-readable linked data format.

curl -H 'Accept: text/turtle' 'https://scigraph.springernature.com/pub.10.1007/978-3-662-47989-6_9'

RDF/XML is a standard XML format for linked data.

curl -H 'Accept: application/rdf+xml' 'https://scigraph.springernature.com/pub.10.1007/978-3-662-47989-6_9'


 

This table displays all metadata directly associated to this object as RDF triples.

128 TRIPLES      22 PREDICATES      71 URIs      64 LITERALS      7 BLANK NODES

Subject Predicate Object
1 sg:pub.10.1007/978-3-662-47989-6_9 schema:about anzsrc-for:08
2 anzsrc-for:0804
3 schema:author N62e398e4e31841d58b84e92a331c9d79
4 schema:datePublished 2015-08-01
5 schema:datePublishedReg 2015-08-01
6 schema:description We study how to construct efficient tweakable block ciphers in the Random Permutation model, where all parties have access to public random permutation oracles. We propose a construction that combines, more efficiently than by mere black-box composition, the CLRW construction (which turns a traditional block cipher into a tweakable block cipher) of Landecker et al. (CRYPTO 2012) and the iterated Even-Mansour construction (which turns a tuple of public permutations into a traditional block cipher) that has received considerable attention since the work of Bogdanov et al. (EUROCRYPT 2012). More concretely, we introduce the (one-round) tweakable Even-Mansour (TEM) cipher, constructed from a single n-bit permutation P and a uniform and almost XOR-universal family of hash functions $(H_k)$ from some tweak space to $\{0,1\}^n$, and defined as $(k,t,x)\mapsto H_k(t)\oplus P(H_k(t)\oplus x)$, where k is the key, t is the tweak, and x is the n-bit message, as well as its generalization obtained by cascading r independently keyed rounds of this construction. Our main result is a security bound up to approximately $2^{2n/3}$ adversarial queries against adaptive chosen-plaintext and ciphertext distinguishers for the two-round TEM construction, using Patarin's H-coefficients technique. We also provide an analysis based on the coupling technique showing that asymptotically, as the number of rounds r grows, the security provided by the r-round TEM construction approaches the information-theoretic bound of $2^n$ adversarial queries.
7 schema:editor N16daf796a97b490d955bb847aecbab24
8 schema:genre chapter
9 schema:isAccessibleForFree false
10 schema:isPartOf N0acf321dcc9d44f4887a54d895d4e8f6
11 schema:keywords Bogdanov et al
12 Even-Mansour cipher
13 Even-Mansour construction
14 H-coefficient technique
15 Mansour ciphers
16 TWEAK
17 access
18 adversarial queries
19 al
20 analysis
21 attention
22 black-box composition
23 block cipher
24 cipher
25 composition
26 considerable attention
27 construction
28 coupling technique
29 distinguisher
30 et al
31 family
32 function
33 generalization
34 grows
35 hash function
36 key
37 main results
38 messages
39 model
40 n-bit message
41 number
42 oracle
43 parties
44 permutation P
45 permutation model
46 queries
47 random permutation model
48 random permutation oracle
49 results
50 rounds
51 security
52 space
53 technique
54 tweak space
55 tweakable block cipher
56 uniform
57 work
58 schema:name Tweaking Even-Mansour Ciphers
59 schema:pagination 189-208
60 schema:productId Na1eb5ef3e6b24552ad338328d6a1971b
61 Nbd6e2423a7bc4cc1992634f4ca4f3ec4
62 schema:publisher N00ffe6db83d7440cb83473cf17344afe
63 schema:sameAs https://app.dimensions.ai/details/publication/pub.1041121218
64 https://doi.org/10.1007/978-3-662-47989-6_9
65 schema:sdDatePublished 2022-12-01T06:49
66 schema:sdLicense https://scigraph.springernature.com/explorer/license/
67 schema:sdPublisher N26475c6c55154795920b5af45a36e4e6
68 schema:url https://doi.org/10.1007/978-3-662-47989-6_9
69 sgo:license sg:explorer/license/
70 sgo:sdDataset chapters
71 rdf:type schema:Chapter
72 N00ffe6db83d7440cb83473cf17344afe schema:name Springer Nature
73 rdf:type schema:Organisation
74 N0acf321dcc9d44f4887a54d895d4e8f6 schema:isbn 978-3-662-47988-9
75 978-3-662-47989-6
76 schema:name Advances in Cryptology -- CRYPTO 2015
77 rdf:type schema:Book
78 N16daf796a97b490d955bb847aecbab24 rdf:first N52eb27de0d4c45adb8fd4b19ed387dcf
79 rdf:rest N882b7a68644e449a89ea97e05db6cd8c
80 N26475c6c55154795920b5af45a36e4e6 schema:name Springer Nature - SN SciGraph project
81 rdf:type schema:Organization
82 N52eb27de0d4c45adb8fd4b19ed387dcf schema:familyName Gennaro
83 schema:givenName Rosario
84 rdf:type schema:Person
85 N62e398e4e31841d58b84e92a331c9d79 rdf:first sg:person.010731237165.96
86 rdf:rest N6af9f761bc9442ffab2b352c09486c66
87 N6af9f761bc9442ffab2b352c09486c66 rdf:first sg:person.013502647333.10
88 rdf:rest Nfeb6c951e75c4a69bafb185fa23c415f
89 N882b7a68644e449a89ea97e05db6cd8c rdf:first Nf5cca12dd0bf43beb5a61ce4c1a9e9c2
90 rdf:rest rdf:nil
91 Na1eb5ef3e6b24552ad338328d6a1971b schema:name dimensions_id
92 schema:value pub.1041121218
93 rdf:type schema:PropertyValue
94 Nbd6e2423a7bc4cc1992634f4ca4f3ec4 schema:name doi
95 schema:value 10.1007/978-3-662-47989-6_9
96 rdf:type schema:PropertyValue
97 Nf5cca12dd0bf43beb5a61ce4c1a9e9c2 schema:familyName Robshaw
98 schema:givenName Matthew
99 rdf:type schema:Person
100 Nfeb6c951e75c4a69bafb185fa23c415f rdf:first sg:person.011724731171.01
101 rdf:rest rdf:nil
102 anzsrc-for:08 schema:inDefinedTermSet anzsrc-for:
103 schema:name Information and Computing Sciences
104 rdf:type schema:DefinedTerm
105 anzsrc-for:0804 schema:inDefinedTermSet anzsrc-for:
106 schema:name Data Format
107 rdf:type schema:DefinedTerm
108 sg:person.010731237165.96 schema:affiliation grid-institutes:grid.12832.3a
109 schema:familyName Cogliati
110 schema:givenName Benoît
111 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.010731237165.96
112 rdf:type schema:Person
113 sg:person.011724731171.01 schema:affiliation grid-institutes:None
114 schema:familyName Seurin
115 schema:givenName Yannick
116 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.011724731171.01
117 rdf:type schema:Person
118 sg:person.013502647333.10 schema:affiliation grid-institutes:grid.12832.3a
119 schema:familyName Lampe
120 schema:givenName Rodolphe
121 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.013502647333.10
122 rdf:type schema:Person
123 grid-institutes:None schema:alternateName ANSSI, Paris, France
124 schema:name ANSSI, Paris, France
125 rdf:type schema:Organization
126 grid-institutes:grid.12832.3a schema:alternateName University of Versailles, Versailles, France
127 schema:name University of Versailles, Versailles, France
128 rdf:type schema:Organization