Cryptology ePrint Archive: Report 2015/222

Towards Understanding the Known-Key Security of Block Ciphers

Elena Andreeva, Andrey Bogdanov, and Bart Mennink

Abstract: Known-key distinguishers for block ciphers were proposed by Knudsen and Rijmen at ASIACRYPT 2007 and have been a major research topic in cryptanalysis since then. A formalization of known-key attacks in general is known to be difficult. In this paper, we tackle this problem for the case of block ciphers based on ideal components such as random permutations and random functions as well as propose new generic known-key attacks on generalized Feistel ciphers. We introduce the notion of known-key indifferentiability to capture the security of such block ciphers under a known key. To show its meaningfulness, we prove that the known-key attacks on block ciphers with ideal primitives to date violate security under known-key indifferentiability. On the other hand, to demonstrate its constructiveness, we prove the balanced Feistel cipher with random functions and the multiple Even-Mansour cipher with random permutations known-key indifferentiable for a sufficient number of rounds. We note that known-key indifferentiability is more quickly and tightly attained by multiple Even-Mansour which puts it forward as a construction provably secure against known-key attacks.

Category / Keywords: secret-key cryptography / Block ciphers, known-key security, known-key distinguishers, indifferentiability

Original Publication (with minor differences): IACR-FSE-2013

Date: received 8 Mar 2015

Contact author: bart mennink at esat kuleuven be

Available format(s): PDF | BibTeX Citation

Version: 20150309:210520 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]