
We analyze the security of the iterated Even-Mansour cipher (a.k.a. key-alternating cipher), a very simple and natural construction of a blockcipher in the random permutation model. This construction, first considered by Even and Mansour (J. Cryptology, 1997) with a single permutation, was recently generalized to use t permutations in the work of Bogdanov…

We show how to construct an ideal cipher with n-bit blocks and n-bit keys (i.e. a set of $2^n$ public n-bit permutations) from a small constant number of n-bit random public permutations. The construction that we consider is the single-key iterated Even-Mansour cipher, which encrypts a plaintext $x \in \{0,1\}^n$ under a key $k \in \{0,1\}^n$ by alternatively xoring…

The r-round (iterated) Even-Mansour cipher (also known as key-alternating cipher) defines a block cipher from r fixed public n-bit permutations $P_1, \ldots, P_r$ as follows: given a sequence of n-bit round keys $k_0, \ldots, k_r$, an n-bit plaintext x is encrypted by xoring round key $k_0$, applying permutation $P_1$, xoring round key $k_1$, etc. The (strong) pseudorandomness…

Introduction Tweakable blockcipher: A family of blockcipher indexed with a tweak (a public parameter) :

We study how to construct efficient tweakable block ciphers in the Random Permutation model, where all parties have access to public random permutation oracles. We propose a construction that combines, more efficiently than by mere black-box composition, the CLRW construction (which turns a traditional block cipher into a tweakable block cipher) of…

We study the security of key-alternating Feistel ciphers, a class of key-alternating ciphers with a Feistel structure. Alternatively, this may be viewed as the study of Feistel ciphers where the pseudorandom round functions are of the form $F_i(x \oplus k_i)$, where $k_i$ is the (secret) round key and $F_i$ is a public random function that the adversary is allowed to…

In 1989, (Shamir, 1989) proposed a new zero-knowledge identification scheme based on an NP-complete problem called PKP for Permuted Kernel Problem. For a given prime p, a given matrix A and a given vector V, the problem is to find a permutation π such that the permuted vector $V_\pi$ verifies $A \cdot V_\pi = 0 \bmod p$. This scheme is still in 2011 known as one of the…

We combine the H Coefficients technique and the Coupling technique to improve security bounds of balanced Feistel schemes. For q queries and round functions of n-bits to n-bits, we find that the CCA Security of 4 + 2r rounds Feistel schemes is upperbounded by $\frac{2q}{r+3}\left(\frac{4q}{2^n}\right)^{\frac{r+1}{2}} + \frac{q(q-1)}{2 \cdot 2^{2n}}$. This divides by roughly 1.5 the number of needed rounds for a given…
