Cryptology ePrint Archive: Report 2015/134
From Related-Key Distinguishers to Related-Key-Recovery on Even-Mansour Constructions
Abstract: We show that a distinguishing attack in the related key model on an Even-Mansour block cipher can readily be converted into an extremely efficient key recovery attack.
Concerned ciphers include in particular all iterated Even-Mansour schemes with independent keys.
We apply this observation to the Caesar candidate PrÝst-OTR and are able to recover the whole key with a number of requests linear in its size. This improves on recent forgery attacks in a similar setting.
Category / Keywords: secret-key cryptography / Even-Mansour, related-key attacks, PrÝst-OTR
Original Publication (in the same form): ISC 2015
Date: received 18 Feb 2015, last revised 29 Jan 2016
Contact author: pierre karpman at gmail com
Available format(s): PDF | BibTeX Citation
Version: 20160129:105021 (All versions of this report)
Short URL: ia.cr/2015/134
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]