2014 | OriginalPaper | Chapter
Cryptanalysis of Iterated Even-Mansour Schemes with Two Keys
Authors: Itai Dinur, Orr Dunkelman, Nathan Keller, Adi Shamir
Published in: Advances in Cryptology – ASIACRYPT 2014
Publisher: Springer Berlin Heidelberg
The iterated Even-Mansour (EM) scheme is a generalization of the original 1-round construction proposed in 1991, and can use one key, two keys, or completely independent keys. In this paper, we methodically analyze the security of all the possible iterated Even-Mansour schemes with two $n$-bit keys and up to four rounds, and show that none of them provides more than $n$-bit security. Our attacks are based on a new cryptanalytic technique called multibridge, which splits the cipher into different parts in a novel way, such that they can be analyzed independently, exploiting its self-similarity properties. After the analysis of the parts, the key suggestions are efficiently joined using a meet-in-the-middle procedure.
As a demonstration of the multibridge technique, we devise a new attack on 4 steps of the LED-128 block cipher, reducing the time complexity of the best known attack on this scheme from $2^{96}$ to $2^{64}$. Furthermore, we show that our technique can be used as a generic key-recovery tool, when combined with some statistical distinguishers (like those recently constructed in reflection cryptanalysis of GOST and PRINCE).