• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.3
• /
• pp.35-42
• /
• 2007

We describe the problem of reducing the key material in the Even-Mansour cipher without security degradation. Even and Mansour proposed a block cipher based on XORing secret key material just prior to and after applying random oracle permutation P such that $C=k_2\bigoplus P(M\bigoplus k_1)$. Recently, Gentry and Ramzan showed that this scheme in the random permutation oracle can be replaced by the four-round Feistel network construction in the random function oracle and also proved that their scheme is super-pseudorandom. In this paper we reduce the key size from 2n to n, which is the optimal key size of Even-Mansour cipher in the random function oracle model and also give almost the same level of security.

• Convergence Security Journal
• /
• v.16 no.7
• /
• pp.85-91
• /
• 2016

Block cipher is one of the prominent and important elements in cryptographic systems and study on the minimal construction is a major theme in the cryptographic research. Even and Mansour motivated by the study suggested a kind of block cipher called the Even-Mansour scheme in the early 1990s. It is a very simple cipher with one permutation and two secret keys. There have been many studies on the Even-Mansour scheme and security analysis of the scheme. We explain the Even-Mansour scheme and simplify those attacks on the Even-Mansour scheme with mathematical language. Additionally, we show that Pollard's rho attack to the discrete logarithm problem can be used to attack the Even-Mansour scheme with the same complexity of the Pollard's rho attack.

• Convergence Security Journal
• /
• v.20 no.1
• /
• pp.9-14
• /
• 2020

There have been many papers on minimalism of cryptography. Secure minimal block cipher is one of these topics and Even and Mansour suggested a simple block cipher. The Even-Mansour scheme is a block cipher with one permutation and two whitening keys. Studying related to the Even-Mansour scheme gives great insight into the security and design of block cipher. There have been suggested many trials to analyze the security of the Even-Mansour scheme and variants of the Even-Mansour scheme. We present a new variant of the Even-Mansour scheme and introduce a variant of the Even-Mansour scheme. We focus on the security of these variants of the Even-Mansour scheme and present variation of the security according to key size. We prove the security of a variant of the Even-Mansour scheme and show that a generalized Even-Mansour scheme is not proper for a minimal block cipher.