Paper 2022/1097

Post-Quantum Security of Tweakable Even-Mansour, and Applications

Gorjan Alagic, University of Maryland, College Park, NIST
Chen Bai, University of Maryland, College Park
Jonathan Katz, Google
Christian Majenz, Technical University of Denmark
Patrick Struck, University of Konstanz

The tweakable Even-Mansour construction yields a tweakable block cipher from a public random permutation. We prove post-quantum security of tweakable Even-Mansour when attackers have quantum access to the random permutation but only classical access to the secretly-keyed construction, the relevant setting for most real-world applications. We then use our results to prove post-quantum security—in the same model—of the symmetric-key schemes Chaskey (an ISO-standardized MAC), Elephant (an AEAD finalist of NIST's lightweight cryptography standardization effort), and a variant of Minalpher (an AEAD second-round candidate of the CAESAR competition).

Available format(s)
Secret-key cryptography
Publication info
Published by the IACR in EUROCRYPT 2024
Post-quantum CryptographyNIST Lightweight CryptographyQ1 model.
Contact author(s)
galagic @ umd edu
cbai1 @ umd edu
jkatz2 @ gmail com
chmaj @ dtu dk
patrick struck @ uni-konstanz de
2024-02-29: last of 5 revisions
2022-08-24: received
See all versions
Short URL
Creative Commons Attribution


      author = {Gorjan Alagic and Chen Bai and Jonathan Katz and Christian Majenz and Patrick Struck},
      title = {Post-Quantum Security of Tweakable Even-Mansour, and Applications},
      howpublished = {Cryptology ePrint Archive, Paper 2022/1097},
      year = {2022},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.