[PDF] Top 20 Tweaking Even-Mansour Ciphers
Has 10000 "Tweaking Even-Mansour Ciphers" found on our website. Below are the top 20 most common "Tweaking Even-Mansour Ciphers".
Tweaking Even-Mansour Ciphers
... Tweakable block ciphers can be designed “from scratch” (e.g., the Hasty Pudding ci- pher [Sch98], Mercy [Cro00], or Threefish, the block cipher on which the Skein hash func- tion [FLS + 10] is based), however most ... See full document
38
Beyond-Birthday-Bound Security for Tweakable Even-Mansour Ciphers with Linear Tweak and Key Mixing
... Tweaking Even-Mansour ...Feistel ciphers. This was extended to generalized Feistel ciphers by Mitsuda and Iwata ...block ciphers besides Feistel ciphers, namely ... See full document
27
Multi-key Analysis of Tweakable Even-Mansour with Applications to Minalpher and OPP
... As early approaches for tweakable Even-Mansour construction, Sasaki et al. propose a concrete one-round scheme and use it to design their AE algorithm Minalpher [STA + 15], which is a second-round candidate ... See full document
19
Minimizing the Two-Round Even-Mansour Cipher
... block ciphers, round keys are derived from an n-bit master key (or more generally an `-bit master key, where ` ∈ [n, 2n] is small compared with the total length of the round keys), and the same permutation, or ... See full document
51
Cryptanalysis of Iterated Even-Mansour Schemes with Two Keys
... iterated Even-Mansour ciphers with two keys, we notice that our techniques can also be combined with statistical distin- guishers to give efficient key recovery attacks on certain block ...block ... See full document
21
Multi-Key Security: The Even-Mansour Construction Revisited
... 1991, Even and Mansour introduced a block cipher construction based on a single ...block ciphers against generic ...the Even-Mansour construction sur- prisingly offers similar security ... See full document
16
On the Provable Security of the Tweakable Even-Mansour Cipher Against Multi-Key and Related-Key Attacks
... A tweakable blockcipher (TBC) is a generalization of a traditional block cipher, which adds a tweak as an extra public input on the basis of the usual inputs (a plaintext and a key). Tweakable blockciphers (TBCs) with ... See full document
18
On the Provable Security of the Iterated Even-Mansour Cipher against Related-Key and Chosen-Key Attacks
... We define here the notion of sequential indifferentiability (seq-indifferentiability for short), introduced by [MPS12], which is a weakened variant of (full) indifferentiability as introduced by [MRH04], and then explain ... See full document
31
From Related-Key Distinguishers to Related-Key-Recovery on Even-Mansour Constructions
... Remark. If the padding of the nonce in Prøst-OTR were done on the most significant bits, no attack similar to Step 2 could recover the corresponding key bits: the modular addition is a triangular function (meaning that ... See full document
12
Quantum cryptanalysis on some Generalized Feistel Schemes
... the Even-Mansour ciphers could be broken in polynomial time by Simon algorithm [9], which could find the period of a periodic function in polynomial time in a quantum ... See full document
13
More Rounds, Less Security?
... Our Contributions. In the domain of provable security, it is well-known that iterating an ideal primitive will result in a loss of security. This is already evident from the very first results in provable security, so we ... See full document
22
Quantum Chosen-Ciphertext Attacks against Feistel Ciphers
... to resist the exhaustive key search by Grover’s algorithm [9] is sufficient to pro- tect symmetric-key schemes from quantum computers. However, Kuwakado and Morii [15] demonstrated that, by exploiting Simon’s algorithm ... See full document
24
Impossible Differential Attack on Simpira v2
... Abstract. Simpira v2 is a family of cryptographic permutations proposed at ASIACRYPT 2016 which can be used to construct high throughput block ciphers using the Even-Mansour construc- tion, ... See full document
13
Chaskey: An Efficient MAC Algorithm for 32-bit Microcontrollers
... Meet-in-the-Middle Attacks. The idea behind a meet-in-the-middle attack is to separate the mathematical equations that describe a block cipher into two or more groups, in such a way that some variables do not appear in ... See full document
18
A Synthetic Indifferentiability Analysis of Interleaved Double-Key Even-Mansour Ciphers
... Indifferentiability of IEM. The studies on indifferentiability and sequential- indifferentiability (seq-indifferentiability ) of IEM are mainly motivated by fur- ther validating the SPN-based blockcipher design ... See full document
53
The Related-Key Security of Iterated Even-Mansour Ciphers
... The search for xor-RKA security leads us to consider the two-round EM constructions. The first attack discussed above, where the key is offset by a constant, still applies in this setting and once again we consider key ... See full document
31
Balanced permutations Even-Mansour ciphers
... Hereafter, we use the single key EM256AES. To establish security proper- ties for EM 256AES, we make the standard assumption about AES: if a secret key is selected (uniformly at ranomd), an adversary has negligible ... See full document
21
Construction of Stream Ciphers from Block Ciphers and their Security
... A stream cipher is defined as an algorithm for encryption and decryption of individual plaintext digits (e.g single bits or bytes), as opposed to block ciphers that encrypt blocks of a fixed bit length. Usually ... See full document
12
Chaskey: a MAC Algorithm for Microcontrollers -- Status Update and Proposal of Chaskey-12 --
... – April 21, 2015: The underlying block cipher of Chaskey was bench- marked by the FELICS project [4] of the University of Luxembourg on a variety of microcontrollers. As the implementation results show, the Chaskey block ... See full document
8
BISON - Instantiating the Whitened Swap-Or-Not Construction
... As we will show in detail, this allows to argue very convincingly that our instance is secure against differential attacks. Indeed, under standard assumptions, we can show that the probability of any (non-trivial) ... See full document
56
Related subjects