
Rekeyable Ideal Cipher from a Few Random Oracles


If you have a question about this talk, please contact Microsoft Research Cambridge Talks Admins.

Reducing the security of a complex construction to that of a simpler primitive is one of the central methods of cryptography. Rather recently, in the domain of cryptographic hashing, such constructions as Merkle-Damgard and sponge based on a fixed-length random oracle (compression function or permutation) have been proven indifferentiable from a finite-length random oracle. Moreover, Feistel based on a fixed-length random oracle has been shown indifferentiable from a wider random oracle. In this talk we address the fundamental question of constructing an ideal cipher (consisting of exponentially many random oracles) from a small number of fixed-length random oracles.

In this talk, we show that the multiple Even-Mansour construction with 4 rounds, randomly drawn fixed underlying permutations, and a bijective key schedule is indifferentiable from an ideal cipher. Our proof is accompanied by an efficient differentiability attack on multiple Even-Mansour with 3 rounds.

Practically speaking, we provide a construction of an ideal cipher as a set of exponentially many permutations from as few as 4 permutations. On the theoretical side, this result confirms the equivalence between the ideal cipher and random oracle models.
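A toy instance of the 4-round multiple Even-Mansour construction described in the abstract, as an added example that is not taken from the talk: it shows how 4 fixed public permutations plus a key schedule select one permutation per key. The 8-bit block size, the seeded non-cryptographic sampler, the rotation-based key schedule and the key-alternating layout (a round key XORed before the first permutation and after each one) are assumptions chosen for illustration.

```python
import random

N_BITS = 8            # toy block/key size (assumption); real designs use >= 128
SIZE = 1 << N_BITS
ROUNDS = 4            # round count stated in the abstract

def draw_permutations(seed, rounds=ROUNDS):
    """Draw the fixed public permutations P_1..P_r once, with inverse tables."""
    rng = random.Random(seed)        # toy sampler, not a cryptographic RNG
    perms, invs = [], []
    for _ in range(rounds):
        table = list(range(SIZE))
        rng.shuffle(table)
        inverse = [0] * SIZE
        for x, y in enumerate(table):
            inverse[y] = x
        perms.append(table)
        invs.append(inverse)
    return perms, invs

def key_schedule(key, rounds=ROUNDS):
    """Assumed schedule: round key i is the key rotated left by i bits.
    Each round key is a bijective function of the master key."""
    return [((key << (i % N_BITS)) | (key >> (N_BITS - i % N_BITS))) & (SIZE - 1)
            for i in range(rounds + 1)]

def encrypt(perms, key, x):
    ks = key_schedule(key, len(perms))
    x ^= ks[0]                       # whitening before the first permutation
    for i, p in enumerate(perms):
        x = p[x] ^ ks[i + 1]         # public permutation, then next round key
    return x

def decrypt(invs, key, y):
    ks = key_schedule(key, len(invs))
    for i in reversed(range(len(invs))):
        y = invs[i][y ^ ks[i + 1]]   # strip round key, invert the permutation
    return y ^ ks[0]

def keyed_permutation(perms, key):
    """The full permutation selected by one key, as a lookup table."""
    return [encrypt(perms, key, x) for x in range(SIZE)]

if __name__ == "__main__":
    perms, invs = draw_permutations(seed=2022)
    tables = {k: tuple(keyed_permutation(perms, k)) for k in range(SIZE)}
    print(len(perms), "public permutations,", len(set(tables.values())), "distinct keyed permutations")
```

At this block size every table can be enumerated exhaustively, so the code illustrates the structure of the construction only.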

This talk is part of the Microsoft Research Cambridge, public talks series.


