### Cryptanalysis of Iterated Even-Mansour Schemes with Two Keys

Itai Dinur, Orr Dunkelman, Nathan Keller, and Adi Shamir

##### Abstract

The iterated Even-Mansour (EM) scheme is a generalization of the original 1-round construction proposed in 1991, and can use one key, two keys, or completely independent keys. In this paper, we methodically analyze the security of all the possible iterated Even-Mansour schemes with two $n$-bit keys and up to four rounds, and show that none of them provides more than $n$-bit security. Our attacks are based on a new cryptanalytic technique called \emph{multibridge} which splits the cipher to different parts in a novel way, such that they can be analyzed independently, exploiting its self-similarity properties. After the analysis of the parts, the key suggestions are efficiently joined using a meet-in-the-middle procedure. As a demonstration of the multibridge technique, we devise a new attack on 4 steps of the LED-128 block cipher, reducing the time complexity of the best known attack on this scheme from $2^{96}$ to $2^{64}$. Furthermore, we show that our technique can be used as a generic key-recovery tool, when combined with some statistical distinguishers (like those recently constructed in reflection cryptanalysis of GOST and PRINCE).

Available format(s)
Publication info
A minor revision of an IACR publication in ASIACRYPT 2014
Keywords
Cryptanalysismeet-in-the-middle attacksmultibridge attackiterated Even-MansourLED-128.
Contact author(s)
dinur @ di ens fr
History
2014-09-15: last of 4 revisions
See all versions
Short URL
https://ia.cr/2013/674

CC BY

BibTeX

@misc{cryptoeprint:2013/674,
author = {Itai Dinur and Orr Dunkelman and Nathan Keller and Adi Shamir},
title = {Cryptanalysis of Iterated Even-Mansour Schemes with Two Keys},
howpublished = {Cryptology ePrint Archive, Paper 2013/674},
year = {2013},
note = {\url{https://eprint.iacr.org/2013/674}},
url = {https://eprint.iacr.org/2013/674}
}

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.