Cryptology ePrint Archive: Report 2017/042

Indifferentiability of Iterated Even-Mansour Ciphers with Non-Idealized Key-Schedules: Five Rounds are Necessary and Sufficient

Yuanxi Dai and Yannick Seurin and John Steinberger and Aishwarya Thiruvengadam

Abstract: We prove that the 5-round iterated Even-Mansour (IEM) construction (which captures the high-level structure of the class of key-alternating ciphers) with a non-idealized key-schedule (such as the trivial key-schedule, where all round keys are equal) is indifferentiable from an ideal cipher. In a separate result, we also prove that five rounds are necessary by describing an attack against the corresponding 4-round construction. This closes the gap regarding the exact number of rounds for which the IEM construction with a non-idealized key-schedule is indifferentiable from an ideal cipher, which was previously only known to lie between four and twelve.

Category / Keywords: secret-key cryptography / block cipher, ideal cipher, iterated Even-Mansour, key-alternating ciphers, indifferentiability

Date: received 18 Jan 2017, last revised 10 Jun 2017

Contact author: dyx13 at mails tsinghua edu cn

Available format(s): PDF | BibTeX Citation

Note: Update the title.

Version: 20170610:152212 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]