Description: Talk at CRYPTO 2013. Authors: Elena Andreeva, Andrey Bogdanov, Yevgeniy Dodis, Bart Mennink, John P. Steinberger
Abstract
The Advanced Encryption Standard (AES) is the most widely used block cipher. The high-level structure of AES can be viewed as a (10-round) key-alternating cipher, where a $t$-round key-alternating cipher $KA_t$ consists of a small number $t$ of fixed permutations $P_i$ on $n$ bits, separated by key addition: $KA_t(K,m) = k_t \oplus P_t(\dots k_2 \oplus P_2(k_1 \oplus P_1(k_0 \oplus m)) \dots)$, where $(k_0,\dots,k_t)$ are obtained from the master key $K$ using some key derivation function.
For $t = 1$, $KA_1$ collapses to the well-known Even-Mansour cipher, which is known to be indistinguishable from a (secret) random permutation if $P_1$ is modeled as a (public) random permutation. In this work we seek stronger security of key-alternating ciphers, namely indifferentiability from an ideal cipher, and ask: under which conditions on the key derivation function, and for how many rounds $t$, is the key-alternating cipher $KA_t$ indifferentiable from the ideal cipher, assuming $P_1,\dots,P_t$ are (public) random permutations?
As our main result, we give an affirmative answer for $t = 5$, showing that the 5-round key-alternating cipher $KA_5$ is indifferentiable from an ideal cipher, assuming $P_1,\dots,P_5$ are five independent random permutations, and the key derivation function sets all round keys $k_i = f(K)$, where $0 \le i \le 5$ and $f$ is modeled as a random oracle. Moreover, when $|K| = |m|$, we show we can set $f(K) = P_0(K) \oplus K$, giving an $n$-bit block cipher with an $n$-bit key, making only six calls to $n$-bit permutations $P_0,P_1,P_2,P_3,P_4,P_5$.
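The construction in the abstract can be traced in a toy model; the following is an added example, not code from the talk or its authors. It assumes a 16-bit block and uses seeded shuffles as constructed stand-ins for the public random permutations $P_0,\dots,P_5$, so it shows the structure of $KA_5$ with $f(K) = P_0(K) \oplus K$ and offers no security.

```python
import random

N_BITS = 16                 # toy block size (assumption; real designs use n = 128)
SIZE = 1 << N_BITS

def make_permutation(seed):
    """Constructed stand-in for a public random permutation on n bits."""
    table = list(range(SIZE))
    random.Random(seed).shuffle(table)
    inverse = [0] * SIZE
    for x, y in enumerate(table):
        inverse[y] = x
    return table, inverse

# P[0] is used only for key derivation; P[1..5] are the round permutations.
P = [make_permutation(seed) for seed in range(6)]

def derive_round_key(K):
    """f(K) = P_0(K) xor K, the |K| = |m| instantiation from the abstract."""
    return P[0][0][K] ^ K

def ka_encrypt(K, m, t=5):
    """KA_t(K, m) with every round key k_0..k_t equal to f(K)."""
    k = derive_round_key(K)
    state = m ^ k                       # k_0 xor m
    for i in range(1, t + 1):
        state = P[i][0][state] ^ k      # k_i xor P_i(state)
    return state

def ka_decrypt(K, c, t=5):
    """Invert KA_t by undoing the rounds in reverse order."""
    k = derive_round_key(K)
    state = c
    for i in range(t, 0, -1):
        state = P[i][1][state ^ k]      # strip k_i, then apply P_i^{-1}
    return state ^ k                    # strip k_0

def even_mansour(k0, k1, m):
    """Single-permutation Even-Mansour: k_1 xor P_1(k_0 xor m)."""
    return k1 ^ P[1][0][k0 ^ m]

if __name__ == "__main__":
    K, m = 0x1A2B, 0xBEEF               # constructed sample key and block
    c = ka_encrypt(K, m)
    print(hex(c), hex(ka_decrypt(K, c)))
```

With `t=1` the same routine reduces to the Even-Mansour form, which `even_mansour` writes out directly for comparison.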
For more information, please visit: http://www.iacr.org/conferences/crypto2013/