Paper 2014/953

The Related-Key Security of Iterated Even-Mansour Ciphers

Pooya Farshim and Gordon Procter

Abstract

The simplicity and widespread use of blockciphers based on the iterated Even-Mansour (EM) construction have sparked recent interest in the theoretical study of their security. Previous work has established their strong pseudorandom permutation and indifferentiability properties, with some matching lower bounds presented to demonstrate tightness. In this work we initiate the study of the EM ciphers under related-key attacks which, despite extensive prior work, has received little attention. We show that the simplest one-round EM cipher is strong enough to achieve non-trivial levels of RKA security even under chosen-ciphertext attacks. This class, however, does not include the practically relevant case of offsetting keys by constants. We show that two rounds suffice to reach this level under chosen-plaintext attacks and that three rounds can boost security to resist chosen-ciphertext attacks. We also formalize how indifferentiability relates to RKA security, showing strong positive results despite counterexamples presented for indifferentiability in multi-stage games.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Preprint. MINOR revision.
Keywords
Even-Mansour, related-key attack, public permutation, ideal cipher, indifferentiability
Contact author(s)
gtprocter @ gmail com
History
2014-11-21: last of 2 revisions
2014-11-21: received
Short URL
https://ia.cr/2014/953
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2014/953,
      author = {Pooya Farshim and Gordon Procter},
      title = {The Related-Key Security of Iterated Even-Mansour Ciphers},
      howpublished = {Cryptology {ePrint} Archive, Paper 2014/953},
      year = {2014},
      url = {https://eprint.iacr.org/2014/953}
}