Paper 2017/042
Indifferentiability of Iterated Even-Mansour Ciphers with Non-Idealized Key-Schedules: Five Rounds are Necessary and Sufficient
Yuanxi Dai, Yannick Seurin, John Steinberger, and Aishwarya Thiruvengadam
Abstract
We prove that the 5-round iterated Even-Mansour (IEM) construction (which captures the high-level structure of the class of key-alternating ciphers) with a non-idealized key-schedule (such as the trivial key-schedule, where all round keys are equal) is indifferentiable from an ideal cipher. In a separate result, we also prove that five rounds are necessary by describing an attack against the corresponding 4-round construction. This closes the gap regarding the exact number of rounds for which the IEM construction with a non-idealized key-schedule is indifferentiable from an ideal cipher, which was previously only known to lie between four and twelve.
Note: Update the title.
Metadata
- Category
- Secret-key cryptography
- Publication info
- Preprint. MINOR revision.
- Keywords
- block cipher, ideal cipher, iterated Even-Mansour, key-alternating ciphers, indifferentiability
- Contact author(s)
- dyx13 @ mails tsinghua edu cn
- History
- 2017-06-10: last of 2 revisions
- 2017-01-18: received
- Short URL
- https://ia.cr/2017/042
- License
- CC BY
BibTeX
@misc{cryptoeprint:2017/042,
  author = {Yuanxi Dai and Yannick Seurin and John Steinberger and Aishwarya Thiruvengadam},
  title = {Indifferentiability of Iterated Even-Mansour Ciphers with Non-Idealized Key-Schedules: Five Rounds are Necessary and Sufficient},
  howpublished = {Cryptology {ePrint} Archive, Paper 2017/042},
  year = {2017},
  url = {https://eprint.iacr.org/2017/042}
}