Microsoft Research Cambridge, public talks
Rekeyable Ideal Cipher from a Few Random Oracles
Elena Andreeva, K.U. Leuven
20120423T140000
20120423T150000
Reducing the security of a complex construction to
that of a simpler primitive is one of the central
methods of cryptography.\nRather recently\, in th
e domain of cryptographic hashing\, such construct
ions as Merkle-Damgard and sponge based on a fixed
-length random oracle (compression function or per
mutation) have been proven indifferentiable from a
finite-length random oracle. Moreover\, Feistel b
ased on a fixed-length random oracle has been show
n indifferentiable from a wider random oracle. In
this talk we address the fundamental question of c
onstructing an ideal cipher (consisting of exponen
tially many random oracles) from a small number of
fixed-length random oracles.\n\nIn this talk\, we
show that the multiple Even-Mansour construction
with\n4 rounds\, randomly drawn fixed underlying p
ermutations and a bijective key schedule\, is indi
fferentiable from ideal cipher. Our proof is accom
panied by an efficient differentiability attack on
multiple Even-Mansour with 3 rounds.\n\nPractical
ly speaking\, we provide a construction of an idea
l cipher as a set of exponentially many permutatio
ns from just as few as 4 permutations. On the theo
retical side\, this is result confirms the equival
ence between ideal cipher and random oracle models
.
LOCATION:Small lecture theatre\, Microsoft Research Ltd\, 7
J J Thomson Avenue (Off Madingley Road)\, Cambrid
ge
Microsoft Research Cambridge Talks Admins
