Abstract
The Iterated Even-Mansour (IEM) scheme consists of a small number r of fixed n-bit permutations separated by $r+1$ round-key additions. When the permutations are public, independent and random, and a common round key derived from the master key by an idealized non-invertible key derivation (KD) function is used, 5 rounds were proved sufficient to obtain (full) indifferentiability from ideal ciphers by Andreeva et al. (CRYPTO 2013). The KD can be a random oracle or a Davies-Meyer construction from a random permutation. This work considers such IEM with non-invertible KD in the sequential indifferentiability model of Mandal et al. (TCC 2012). It shows that in both of these cases, 3 rounds yield sequential indifferentiability from ideal ciphers. As Andreeva et al. have proved that 3-round IEM with idealized invertible key derivations is not sequentially indifferentiable (by exhibiting an attack), a definitive separation between IEM with invertible key derivations and IEM with non-invertible key derivations is established. This is the most important implication of the results in this work.
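The construction described in the abstract, as an added toy example that is not code from the paper: a 3-round IEM with one common round key and both KD options. The 16-bit block size, the seeded shuffles standing in for public random permutations, SHA-256 standing in for the random oracle, and all function names are assumptions made for illustration.

```python
import hashlib
import random

N_BITS = 16                       # toy block size (assumption; a real n would be e.g. 128)
MASK = (1 << N_BITS) - 1

def make_permutation(seed):
    """Stand-in for a public random n-bit permutation: seeded shuffle plus inverse table."""
    fwd = list(range(1 << N_BITS))
    random.Random(seed).shuffle(fwd)
    inv = [0] * len(fwd)
    for x, y in enumerate(fwd):
        inv[y] = x
    return fwd, inv

ROUND_PERMS = [make_permutation(s) for s in (1, 2, 3)]   # P1, P2, P3 (r = 3)
KD_PERM = make_permutation(0)[0]                          # permutation used only by the Davies-Meyer KD

def kd_hash(master_key: bytes) -> int:
    """KD modelled as a random oracle (here: SHA-256 truncated to n bits)."""
    return int.from_bytes(hashlib.sha256(master_key).digest(), "big") & MASK

def kd_davies_meyer(master_key: int) -> int:
    """KD as Davies-Meyer: P(K) xor K. The feed-forward xor means K -> k is
    not a permutation in general, unlike an invertible key derivation."""
    k = master_key & MASK
    return KD_PERM[k] ^ k

def iem_encrypt(k: int, x: int) -> int:
    """r permutations separated by r+1 additions of the same round key k."""
    y = x ^ k                          # key addition 1
    for fwd, _ in ROUND_PERMS:
        y = fwd[y] ^ k                 # permutation, then key additions 2..r+1
    return y

def iem_decrypt(k: int, y: int) -> int:
    """Inverse direction: undo each key addition and permutation in reverse order."""
    x = y
    for _, inv in reversed(ROUND_PERMS):
        x = inv[x ^ k]
    return x ^ k
```
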