Secure key-alternating Feistel ciphers without key schedule
نویسندگان
چکیده
منابع مشابه
Security Analysis of Key-Alternating Feistel Ciphers
We study the security of key-alternating Feistel ciphers, a class of key-alternating ciphers with a Feistel structure. Alternatively, this may be viewed as the study of Feistel ciphers where the pseudorandom round functions are of the form Fi(x⊕ ki), where ki is the (secret) round key and Fi is a public random function that the adversary is allowed to query in a black-box way. Interestingly, ou...
متن کاملOn the Indifferentiability of Key-Alternating Feistel Ciphers with No Key Derivation
Feistel constructions have been shown to be indifferentiable from random permutations at STOC 2011. Whereas how to properly mix the keys into an un-keyed Feistel construction without appealing to domain separation technique to obtain a block cipher which is provably secure against known-key and chosen-key attacks (or to obtain an ideal cipher) remains an open problem. We study this, particularl...
متن کاملPractically secure Feistel ciphers
In this paper we give necessary design principles to be used, when constructing secure Feistel ciphers. We introduce a new concept, practical security against linear and di erential attacks on Feistel ciphers. We give examples of such Feistel ciphers (practically) resistant to di erential attacks, linear attacks and other attacks.
متن کاملTight Security Bounds for Key-Alternating Ciphers
A t-round key-alternating cipher (also called iterated Even-Mansour cipher) can be viewed as an abstraction of AES. It defines a cipher E from t fixed public permutations P1, . . . , Pt : {0, 1} → {0, 1} and a key k = k0‖ · · · ‖kt ∈ {0, 1} by setting Ek(x) = kt⊕Pt(kt−1⊕Pt−1(· · · k1⊕P1(k0⊕ x) · · · )). The indistinguishability of Ek from a truly random permutation by an adversary who also has ...
متن کاملOn the Indifferentiability of Key-Alternating Ciphers
The Advanced Encryption Standard (AES) is the most widely used block cipher. The high level structure of AES can be viewed as a (10-round) key-alternating cipher, where a t-round key-alternating cipher KAt consists of a small number t of fixed permutations Pi on n bits, separated by key addition: KAt(K,m) = kt ⊕ Pt(. . . k2 ⊕ P2(k1 ⊕ P1(k0 ⊕m)) . . . ), where (k0, . . . , kt) are obtained from ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
ژورنال
عنوان ژورنال: Science China Information Sciences
سال: 2020
ISSN: 1674-733X,1869-1919
DOI: 10.1007/s11432-019-9938-0