### The Related-Key Security of Iterated Even-Mansour Ciphers

Pooya Farshim and Gordon Procter

##### Abstract

The simplicity and widespread use of blockciphers based on the iterated Even--Mansour (EM) construction has sparked recent interest in the theoretical study of their security. Previous work has established their strong pseudorandom permutation and indifferentiability properties, with some matching lower bounds presented to demonstrate tightness. In this work we initiate the study of the EM ciphers under related-key attacks which, despite extensive prior work, has received little attention. We show that the simplest one-round EM cipher is strong enough to achieve non-trivial levels of RKA security even under chosen-ciphertext attacks. This class, however, does not include the practically relevant case of offsetting keys by constants. We show that two rounds suffice to reach this level under chosen-plaintext attacks and that three rounds can boost security to resist chosen-ciphertext attacks. We also formalize how indifferentiability relates to RKA security, showing strong positive results despite counterexamples presented for indifferentiability in multi-stage games.

Available format(s)
Category
Secret-key cryptography
Publication info
Preprint. MINOR revision.
Keywords
Even-Mansourrelated-key attackpublic permutationideal cipherindifferentiability
Contact author(s)
gtprocter @ gmail com
History
2014-11-21: last of 2 revisions
See all versions
Short URL
https://ia.cr/2014/953

CC BY

BibTeX

@misc{cryptoeprint:2014/953,
author = {Pooya Farshim and Gordon Procter},
title = {The Related-Key Security of Iterated Even-Mansour Ciphers},
howpublished = {Cryptology ePrint Archive, Paper 2014/953},
year = {2014},
note = {\url{https://eprint.iacr.org/2014/953}},
url = {https://eprint.iacr.org/2014/953}
}

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.