Rodolphe Lampe

Learn More
We analyze the security of the iterated Even-Mansour cipher (a.k.a. key-alternating cipher), a very simple and natural construction of a blockcipher in the random permutation model. This construction, first considered by Even and Mansour (J. Cryptology, 1997) with a single permutation, was recently generalized to use t permutations in the work of Bogdanov(More)
We show how to construct an ideal cipher with n-bit blocks and n-bit keys (i.e. a set of 2 n public n-bit permutations) from a small constant number of n-bit random public permutations. The construction that we consider is the single-key iterated Even-Mansour cipher, which encrypts a plaintext x ∈ {0, 1} n under a key k ∈ {0, 1} n by alternatively xoring(More)
The r-round (iterated) Even-Mansour cipher (also known as key-alternating cipher) defines a block cipher from r fixed public n-bit permutations P1,. .. , Pr as follows: given a sequence of n-bit round keys k0,. .. , kr, an n-bit plaintext x is encrypted by xoring round key k0, applying permutation P1, xoring round key k1, etc. The (strong) pseudorandomness(More)
We study the security of key-alternating Feistel ciphers, a class of key-alternating ciphers with a Feistel structure. Alternatively, this may be viewed as the study of Feistel ciphers where the pseudoran-dom round functions are of the form Fi(x ⊕ ki), where ki is the (secret) round key and Fi is a public random function that the adversary is allowed to(More)
In 1989, (Shamir, 1989) proposed a new zero-knowledge identification scheme based on a NP-complete problem called PKP for Permuted Kernel Problem. For a given prime p, a given matrix A and a given vector V , the problem is to find a permutation π such that the permuted vector V π verifies A · V π = 0 mod p. This scheme is still in 2011 known as one of the(More)