Name
Abstract | ||
|---|---|---|
The Advanced Encryption Standard (AES) is the most widely used block cipher. The high level structure of AES can be viewed as a (10-round) key-alternating cipher, where a t-round key-alternating cipher KA(t) consists of a small number t of fixed permutations P-i on n bits, separated by key addition: KA(t)(K, m) = kt circle plus P-t(... k(2) circle plus P-2(k(1) circle plus P-1(k(0) circle plus m)) ...), where (k(0), ..., k(t)) are obtained from the master key K using some key derivation function. For t = 1, KA(1) collapses to the well-known Even-Mansour cipher, which is known to be indistinguishable from a (secret) random permutation, if P-1 is modeled as a (public) random permutation. In this work we seek for stronger security of key-alternating ciphers - indifferentiability from an ideal cipher - and ask the question under which conditions on the key derivation function and for how many rounds t is the key-alternating cipher KA(t) indifferentiable from the ideal cipher, assuming P-1, ..., P-t are (public) random permutations? As our main result, we give an affirmative answer for t = 5, showing that the 5-round key-alternating cipher KA(5) is indifferentiable from an ideal cipher, assuming P-1, ..., P-5 are five independent random permutations, and the key derivation function sets all rounds keys k(i) = f(K), where 0 <= i <= 5 and f is modeled as a random oracle. Moreover, when vertical bar K vertical bar = vertical bar m vertical bar, we show we can set f(K) = P-0(K) circle plus K, giving an n-bit block cipher with an n-bit key, making only six calls to n-bit permutations P-0, P-1, P-2, P-3, P-4, P-5. |
Year | DOI | Venue |
|---|---|---|
2013 | 10.1007/978-3-642-40041-4_29 | ADVANCES IN CRYPTOLOGY - CRYPTO 2013, PT I |
Keywords | DocType | Volume |
Even-Mansour,ideal cipher,key-alternating cipher,indifferentiability | Conference | 8042 |
Issue | ISSN | Citations |
PART 1 | 0302-9743 | 30 |
PageRank | References | Authors |
0.82 | 42 | 5 |
Name | Order | Citations | PageRank |
|---|---|---|---|
| Elena Andreeva | 1 | 385 | 20.39 |
| Andrey Bogdanov | 2 | 2067 | 98.10 |
| Yevgeniy Dodis | 3 | 5843 | 277.49 |
| Bart Mennink | 4 | 437 | 36.25 |
| John P. Steinberger | 5 | 329 | 18.30 |