Cryptology ePrint Archive: Report 2015/134

From Related-Key Distinguishers to Related-Key-Recovery on Even-Mansour Constructions

Pierre Karpman

Abstract: We show that a distinguishing attack in the related key model on an Even-Mansour block cipher can readily be converted into an extremely efficient key recovery attack. Concerned ciphers include in particular all iterated Even-Mansour schemes with independent keys. We apply this observation to the Caesar candidate Prøst-OTR and are able to recover the whole key with a number of requests linear in its size. This improves on recent forgery attacks in a similar setting.

Category / Keywords: secret-key cryptography / Even-Mansour, related-key attacks, Prøst-OTR

Original Publication (in the same form): ISC 2015

Date: received 18 Feb 2015, last revised 17 Jun 2015

Contact author: pierre karpman at gmail com

Available format(s): PDF | BibTeX Citation

Version: 20150618:054040 (All versions of this report)

Short URL: ia.cr/2015/134

Discussion forum: Show discussion | Start new discussion