[Resource Topic] 2015/851: Beyond-Birthday-Bound Security for Tweakable Even-Mansour Ciphers with Linear Tweak and Key Mixing

Welcome to the resource topic for 2015/851

Title:
Beyond-Birthday-Bound Security for Tweakable Even-Mansour Ciphers with Linear Tweak and Key Mixing

Authors: Benoît Cogliati, Yannick Seurin

Abstract:

The iterated Even-Mansour construction defines a block cipher from a tuple of public n-bit permutations (P_1,\ldots,P_r) by alternatively xoring some n-bit round key k_i, i=0,\ldots,r, and applying permutation P_i to the state. The \emph{tweakable} Even-Mansour construction generalizes the conventional Even-Mansour construction by replacing the n-bit round keys by n-bit strings derived from a master key \emph{and a tweak}, thereby defining a tweakable block cipher. Constructions of this type have been previously analyzed, but they were either secure only up to the birthday bound, or they used a nonlinear mixing function of the key and the tweak (typically, multiplication of the key and the tweak seen as elements of some finite field) which might be costly to implement. In this paper, we tackle the question of whether it is possible to achieve beyond-birthday-bound security for such a construction by using only linear operations for mixing the key and the tweak into the state. We answer positively, describing a 4-round construction with a 2n-bit master key and an n-bit tweak which is provably secure in the Random Permutation Model up to roughly 2^{2n/3} adversarial queries.

ePrint: https://eprint.iacr.org/2015/851

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .