#### Filter Results:

#### Publication Year

1987

2015

#### Publication Type

#### Co-author

#### Publication Venue

#### Key Phrases

Learn More

We analyze the security of the iterated Even-Mansour cipher (a.k.a. key-alternating cipher), a very simple and natural construction of a blockcipher in the random permutation model. This construction, first considered by Even and Mansour (J. Cryptology, 1997) with a single permutation, was recently generalized to use t permutations in the work of Bogdanov… (More)

We show how to construct an ideal cipher with n-bit blocks and n-bit keys (i.e. a set of 2 n public n-bit permutations) from a small constant number of n-bit random public permutations. The construction that we consider is the single-key iterated Even-Mansour cipher, which encrypts a plaintext x ∈ {0, 1} n under a key k ∈ {0, 1} n by alternatively xoring… (More)

The r-round (iterated) Even-Mansour cipher (also known as key-alternating cipher) defines a block cipher from r fixed public n-bit permutations P1,. .. , Pr as follows: given a sequence of n-bit round keys k0,. .. , kr, an n-bit plaintext x is encrypted by xoring round key k0, applying permutation P1, xoring round key k1, etc. The (strong) pseudorandomness… (More)

We study how to construct efficient tweakable block ciphers in the Random Permutation model, where all parties have access to public random permutation oracles. We propose a construction that combines, more efficiently than by mere black-box composition, the CLRW construction (which turns a traditional block cipher into a tweakable block cipher) of… (More)

Introduction Tweakable blockcipher: A family of blockcipher indexed with a tweak (a public parameter) :

We study the security of key-alternating Feistel ciphers, a class of key-alternating ciphers with a Feistel structure. Alternatively, this may be viewed as the study of Feistel ciphers where the pseudoran-dom round functions are of the form Fi(x ⊕ ki), where ki is the (secret) round key and Fi is a public random function that the adversary is allowed to… (More)

In 1989, (Shamir, 1989) proposed a new zero-knowledge identification scheme based on a NP-complete problem called PKP for Permuted Kernel Problem. For a given prime p, a given matrix A and a given vector V , the problem is to find a permutation π such that the permuted vector V π verifies A · V π = 0 mod p. This scheme is still in 2011 known as one of the… (More)

- John P Steinberger, Advisor, Phillip Rogaway, P Gaži, J Lee, Y Seurin +10 others
- 2015

- Rodolphe Lampe
- 2014