Paper 2014/953
The Related-Key Security of Iterated Even-Mansour Ciphers
Pooya Farshim and Gordon Procter
Abstract
The simplicity and widespread use of blockciphers based on the iterated Even--Mansour (EM) construction has sparked recent interest in the theoretical study of their security. Previous work has established their strong pseudorandom permutation and indifferentiability properties, with some matching lower bounds presented to demonstrate tightness. In this work we initiate the study of the EM ciphers under related-key attacks which, despite extensive prior work, has received little attention. We show that the simplest one-round EM cipher is strong enough to achieve non-trivial levels of RKA security even under chosen-ciphertext attacks. This class, however, does not include the practically relevant case of offsetting keys by constants. We show that two rounds suffice to reach this level under chosen-plaintext attacks and that three rounds can boost security to resist chosen-ciphertext attacks. We also formalize how indifferentiability relates to RKA security, showing strong positive results despite counterexamples presented for indifferentiability in multi-stage games.
Metadata
- Available format(s)
- Category
- Secret-key cryptography
- Publication info
- Preprint. MINOR revision.
- Keywords
- Even-Mansourrelated-key attackpublic permutationideal cipherindifferentiability
- Contact author(s)
- gtprocter @ gmail com
- History
- 2014-11-21: last of 2 revisions
- 2014-11-21: received
- See all versions
- Short URL
- https://ia.cr/2014/953
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2014/953, author = {Pooya Farshim and Gordon Procter}, title = {The Related-Key Security of Iterated Even-Mansour Ciphers}, howpublished = {Cryptology {ePrint} Archive, Paper 2014/953}, year = {2014}, url = {https://eprint.iacr.org/2014/953} }