Cryptology ePrint Archive: Report 2015/101

Multi-Key Security: The Even-Mansour Construction Revisited

Nicky Mouha and Atul Luykx

Abstract: At ASIACRYPT 1991, Even and Mansour introduced a block cipher construction based on a single permutation. Their construction has since been lauded for its simplicity, yet also criticized for not providing the same security as other block ciphers against generic attacks. In this paper, we prove that if a small number of plaintexts are encrypted under multiple independent keys, the Even-Mansour construction surprisingly offers similar security as an ideal block cipher with the same block and key size. Note that this multi-key setting is of high practical relevance, as real-world implementations often allow frequent rekeying. We hope that the results in this paper will further encourage the use of the Even-Mansour construction, especially when the secure and efficient implementation of a key schedule would result in a significant overhead.

Category / Keywords: secret-key cryptography / Even-Mansour, multi-key setting, broadcast attack, related-key setting

Original Publication (in the same form): IACR-CRYPTO-2015

Date: received 11 Feb 2015, last revised 1 Jun 2015

Contact author: Nicky Mouha at esat kuleuven be

Available format(s): PDF | BibTeX Citation

Version: 20150601:144937 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]