Paper 2017/042

Indifferentiability of Iterated Even-Mansour Ciphers with Non-Idealized Key-Schedules: Five Rounds are Necessary and Sufficient

Yuanxi Dai, Yannick Seurin, John Steinberger, and Aishwarya Thiruvengadam

Abstract

We prove that the 5-round iterated Even-Mansour (IEM) construction (which captures the high-level structure of the class of key-alternating ciphers) with a non-idealized key-schedule (such as the trivial key-schedule, where all round keys are equal) is indifferentiable from an ideal cipher. In a separate result, we also prove that five rounds are necessary by describing an attack against the corresponding 4-round construction. This closes the gap regarding the exact number of rounds for which the IEM construction with a non-idealized key-schedule is indifferentiable from an ideal cipher, which was previously only known to lie between four and twelve.

Note: Update the title.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Preprint. MINOR revision.
Keywords
block cipherideal cipheriterated Even-Mansourkey-alternating ciphersindifferentiability
Contact author(s)
dyx13 @ mails tsinghua edu cn
History
2017-06-10: last of 2 revisions
2017-01-18: received
See all versions
Short URL
https://ia.cr/2017/042
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2017/042,
      author = {Yuanxi Dai and Yannick Seurin and John Steinberger and Aishwarya Thiruvengadam},
      title = {Indifferentiability of Iterated Even-Mansour Ciphers with Non-Idealized Key-Schedules: Five Rounds are Necessary and Sufficient},
      howpublished = {Cryptology ePrint Archive, Paper 2017/042},
      year = {2017},
      note = {\url{https://eprint.iacr.org/2017/042}},
      url = {https://eprint.iacr.org/2017/042}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.