Cryptology ePrint Archive: Report 2015/134

From Related-Key Distinguishers to Related-Key-Recovery on Even-Mansour Constructions

Pierre Karpman

Abstract: We show that a distinguishing attack in the related key model on an Even-Mansour block cipher can readily be converted into an extremely efficient key recovery attack. Concerned ciphers include in particular all iterated Even-Mansour schemes with independent keys. We apply this observation to the Caesar candidate PrÝst-OTR and are able to recover the whole key with a number of requests linear in its size. This improves on recent forgery attacks in a similar setting.

Category / Keywords: secret-key cryptography / Even-Mansour, related-key attacks, PrÝst-OTR

Original Publication (in the same form): ISC 2015

Date: received 18 Feb 2015, last revised 29 Jan 2016

Contact author: pierre karpman at gmail com

Available format(s): PDF | BibTeX Citation

Version: 20160129:105021 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]