New Key Recovery Attacks on Minimal Two-Round Even-Mansour Ciphers

  • Takanori Isobe
  • Kyoji Shibutani
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10624)

Abstract

We propose new key recovery attacks on the two minimal two-round n-bit Even-Mansour ciphers, which Chen et al. proved secure up to \(2^{2n/3}\) queries against distinguishing attacks. Our attacks are based on the meet-in-the-middle technique, which can significantly reduce the data complexity. In particular, we introduce novel matching techniques that enable us to compute one of the two permutations without knowing a part of the key information. Moreover, we present two improvements of the proposed attack: one significantly reduces the data complexity and the other reduces the time complexity. Compared with the previously known attacks, our attack is the first to break the birthday barrier on the data complexity, although it requires chosen plaintexts. When the block size is 64 bits, our attack reduces the required data from \(2^{45}\) known plaintexts to \(2^{26}\) chosen plaintexts while keeping the time complexity required by the previous attacks. Furthermore, by increasing the time complexity up to \(2^{62}\), the required data is further reduced to \(2^{8}\), giving \(DT = 2^{70}\), where DT is the product of the data and time complexities. We show that our low-data attack on the minimal n-bit two-round Even-Mansour ciphers requires \(DT = 2^{n+6}\) in the general case. Since the proved lower bound on the required DT for the one-round n-bit Even-Mansour ciphers is \(2^n\), our results imply that adding one round to the one-round Even-Mansour cipher does not sufficiently improve its security against key recovery attacks.
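The two minimal two-round Even-Mansour constructions the abstract refers to (Chen et al., CRYPTO 2014), as an added example that is not code from this paper: toy 16-bit instances in which constructed seeded table permutations stand in for the public permutations, the single-permutation variant derives its middle round key with the linear orthomorphism π(x_L, x_R) = (x_R, x_L ⊕ x_R) (an assumed choice for this example), and an exhaustive check confirms the orthomorphism property the security proof relies on.

```python
import random

N = 16            # toy block size; the paper's n is 64 and larger
HALF = N // 2
HALF_MASK = (1 << HALF) - 1

def make_public_permutation(seed):
    """Constructed stand-in for a public random permutation on N bits:
    a seeded shuffle, returned as (forward table, inverse table)."""
    table = list(range(1 << N))
    random.Random(seed).shuffle(table)
    inverse = [0] * (1 << N)
    for x, y in enumerate(table):
        inverse[y] = x
    return table, inverse

def pi(k):
    """Linear orthomorphism (x_L, x_R) -> (x_R, x_L ^ x_R), used to derive the
    middle round key of the single-permutation construction (assumed choice)."""
    left, right = k >> HALF, k & HALF_MASK
    return (right << HALF) | (left ^ right)

def is_orthomorphism(f):
    """Exhaustively check (feasible at N=16) that both f and x -> f(x) ^ x are
    bijections; Chen et al.'s security proof requires this of the key schedule."""
    dom = range(1 << N)
    return (len({f(x) for x in dom}) == len(dom)
            and len({f(x) ^ x for x in dom}) == len(dom))

def em2_single_perm_encrypt(P, k, x):
    """E(x) = k ^ P(pi(k) ^ P(k ^ x)): one public permutation, keys (k, pi(k), k)."""
    fwd, _ = P
    return fwd[fwd[x ^ k] ^ pi(k)] ^ k

def em2_single_perm_decrypt(P, k, y):
    _, inv = P
    return inv[inv[y ^ k] ^ pi(k)] ^ k

def em2_two_perm_encrypt(P1, P2, k, x):
    """E(x) = k ^ P2(k ^ P1(k ^ x)): two independent permutations, keys (k, k, k)."""
    return P2[0][P1[0][x ^ k] ^ k] ^ k

def em2_two_perm_decrypt(P1, P2, k, y):
    return P1[1][P2[1][y ^ k] ^ k] ^ k

# Constructed public permutations for the two constructions (seeds are arbitrary).
P1 = make_public_permutation(1)
P2 = make_public_permutation(2)
```

The identity map fails the orthomorphism check (x ⊕ x is constant), which is why a trivial key schedule (k, k, k) is only admissible in the two-permutation variant.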

Keywords

Block cipher, Even-Mansour ciphers, Meet-in-the-middle attack, Key recovery, Partial invariable pair, Matching with the input-restricted public permutation

Notes

Acknowledgments

This work was supported in part by Grant-in-Aid for Young Scientist (B) (KAKENHI 17K12698) for Japan Society for the Promotion of Science.

References

  1. Bogdanov, A., Knudsen, L.R., Leander, G., Standaert, F.-X., Steinberger, J., Tischhauser, E.: Key-alternating ciphers in a provable setting: encryption using a small number of public permutations. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 45–62. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-29011-4_5
  2. Bogdanov, A., Rechberger, C.: A 3-subset meet-in-the-middle attack: cryptanalysis of the lightweight block cipher KTANTAN. In: Biryukov, A., Gong, G., Stinson, D.R. (eds.) SAC 2010. LNCS, vol. 6544, pp. 229–240. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-19574-7_16
  3. Chen, S., Lampe, R., Lee, J., Seurin, Y., Steinberger, J.: Minimizing the two-round Even-Mansour cipher. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8616, pp. 39–56. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-44371-2_3
  4. Chen, S., Steinberger, J.: Tight security bounds for key-alternating ciphers. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 327–350. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-55220-5_19
  5. Daemen, J.: Limitations of the Even-Mansour construction. In: Imai, H., Rivest, R.L., Matsumoto, T. (eds.) ASIACRYPT 1991. LNCS, vol. 739, pp. 495–498. Springer, Heidelberg (1993). https://doi.org/10.1007/3-540-57332-1_46
  6. Dinur, I., Dunkelman, O., Keller, N., Shamir, A.: Key recovery attacks on 3-round Even-Mansour, 8-step LED-128, and full AES2. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013. LNCS, vol. 8269, pp. 337–356. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-42033-7_18
  7. Dinur, I., Dunkelman, O., Keller, N., Shamir, A.: Key recovery attacks on iterated Even-Mansour encryption schemes. J. Cryptol. 29(4), 697–728 (2016)
  8. Dunkelman, O., Keller, N., Shamir, A.: Minimalism in cryptography: the Even-Mansour scheme revisited. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 336–354. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-29011-4_21
  9. Even, S., Mansour, Y.: A construction of a cipher from a single pseudorandom permutation. In: Imai, H., Rivest, R.L., Matsumoto, T. (eds.) ASIACRYPT 1991. LNCS, vol. 739, pp. 210–224. Springer, Heidelberg (1993). https://doi.org/10.1007/3-540-57332-1_17
  10. Even, S., Mansour, Y.: A construction of a cipher from a single pseudorandom permutation. J. Cryptol. 10(3), 151–162 (1997)
  11. Gaži, P.: Plain versus randomized cascading-based key-length extension for block ciphers. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8042, pp. 551–570. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40041-4_30
  12. Hoang, V.T., Tessaro, S.: Key-alternating ciphers and key-length extension: exact bounds and multi-user security. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9814, pp. 3–32. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53018-4_1
  13. Isobe, T.: A single-key attack on the full GOST block cipher. J. Cryptol. 26(1), 172–189 (2013)
  14. Lampe, R., Patarin, J., Seurin, Y.: An asymptotically tight security analysis of the iterated Even-Mansour cipher. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 278–295. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34961-4_18
  15. Nikolić, I., Wang, L., Wu, S.: Cryptanalysis of round-reduced LED. In: Moriai, S. (ed.) FSE 2013. LNCS, vol. 8424, pp. 112–129. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-43933-3_7
  16. Steinberger, J.P.: Improved security bounds for key-alternating ciphers via Hellinger distance. IACR Cryptology ePrint Archive 2012/481 (2012)

Copyright information

© International Association for Cryptologic Research 2017

Authors and Affiliations

  1. University of Hyogo, Kobe, Japan
  2. Nagoya University, Nagoya, Japan