Simplification on Even-Mansour Scheme Attacks

Simplification of Even-Mansour Scheme Attack Methods

  • Hongtae Kim (김홍태), Korea Air Force Academy, Department of Basic Sciences
  • Received : 2016.08.22
  • Accepted : 2016.12.22
  • Published : 2016.12.31

Abstract

Block ciphers are one of the prominent and important elements of cryptographic systems, and the study of minimal constructions is a major theme in cryptographic research. Motivated by this question, Even and Mansour proposed a block cipher called the Even-Mansour scheme in the early 1990s. It is a very simple cipher built from one permutation and two secret keys. There have been many studies of the Even-Mansour scheme and of its security analysis. We explain the Even-Mansour scheme and simplify the known attacks on it using mathematical language. Additionally, we show that Pollard's rho attack on the discrete logarithm problem can be used to attack the Even-Mansour scheme with the same complexity as Pollard's rho attack.

Block ciphers are a prominent and important part of cryptographic systems, and research on constructions with minimal structure is one of the main topics in cryptographic research. Even and Mansour, who were interested in minimal constructions, proposed a kind of block cipher called the Even-Mansour scheme in the early 1990s. The Even-Mansour scheme is a very simple cipher with one permutation and two secret keys. Many studies have been carried out on the Even-Mansour scheme and on its security analysis. We explain the Even-Mansour scheme and simplify the attack methods on this scheme using mathematical language. Additionally, we show that the Pollard rho attack used against the discrete logarithm can be applied to attack the Even-Mansour scheme with the same amount of computation as the Pollard rho attack.
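To make the construction in the abstract concrete, here is an added Python example (not code from the paper): a toy 16-bit Even-Mansour cipher over a constructed random permutation, together with Daemen's differential key-recovery attack, which shows why an n-bit instance offers only about n/2 bits of security: roughly 2^(n/2) chosen plaintexts plus 2^(n/2) evaluations of P recover both keys. The permutation, the key values and all parameter names are assumptions.

```python
import random

N_BITS = 16                          # toy block size; the real scheme works on n-bit blocks
MASK = (1 << N_BITS) - 1

def make_permutation(seed=2016):
    """Constructed public permutation P: a seeded random bijection on 16-bit words."""
    table = list(range(1 << N_BITS))
    random.Random(seed).shuffle(table)
    return table

class EvenMansour:
    """E(x) = P(x xor K1) xor K2: one public permutation P and two secret keys."""
    def __init__(self, perm, k1, k2):
        self.perm, self.k1, self.k2 = perm, k1 & MASK, k2 & MASK
        self.queries = 0             # encryption-oracle calls seen by the attacker

    def encrypt(self, x):
        self.queries += 1
        return self.perm[x ^ self.k1] ^ self.k2

def recover_keys(cipher, perm, delta=0x0001, pairs=1 << (N_BITS // 2), seed=1):
    """Daemen-style differential key recovery with 2^(n/2) chosen plaintexts.
    For a pair (x, x^delta), E(x) ^ E(x^delta) = P(y) ^ P(y^delta) with y = x ^ K1
    and K2 cancels, so stored differences are matched against evaluations of P."""
    rng = random.Random(seed)
    diffs, known = {}, []            # difference -> plaintexts; a few (p, c) for checking
    for _ in range(pairs):
        x = rng.getrandbits(N_BITS)
        c0, c1 = cipher.encrypt(x), cipher.encrypt(x ^ delta)
        diffs.setdefault(c0 ^ c1, []).append(x)
        if len(known) < 4:
            known += [(x, c0), (x ^ delta, c1)]
    p0, c0 = known[0]
    perm_queries = 0
    for y in range(1 << N_BITS):     # offline scan of P; returns at the first verified hit
        perm_queries += 2
        for x in diffs.get(perm[y] ^ perm[y ^ delta], ()):
            for k1 in (x ^ y, x ^ y ^ delta):          # y is x^K1 or x^K1^delta
                k2 = c0 ^ perm[p0 ^ k1]
                if all(perm[p ^ k1] ^ k2 == c for p, c in known[1:]):
                    return k1, k2, cipher.queries, perm_queries
    return None

if __name__ == "__main__":
    P = make_permutation()
    em = EvenMansour(P, 0xBEEF, 0x1234)           # constructed secret keys
    print("recovered (K1, K2, enc queries, P queries):", recover_keys(em, P))
```

With n = 16 the attack spends 512 encryption queries and a few hundred evaluations of P, against the 2^16 work of guessing K1 directly from two known plaintext/ciphertext pairs.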
