BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//Talks.cam//talks.cam.ac.uk//
X-WR-CALNAME:Talks.cam
BEGIN:VEVENT
SUMMARY:Rekeyable Ideal Cipher from a Few Random Oracles - Elena Andreeva\
 , K.U. Leuven
DTSTART:20120423T130000Z
DTEND:20120423T140000Z
UID:TALK37621@talks.cam.ac.uk
CONTACT:Microsoft Research Cambridge Talks Admins
DESCRIPTION:Reducing the security of a complex construction to that of a s
 impler primitive is one of the central methods of cryptography.\nRather re
 cently\, in the domain of cryptographic hashing\, such constructions as Me
 rkle-Damgard and sponge based on a fixed-length random oracle (compression
  function or permutation) have been proven indifferentiable from a finite-
 length random oracle. Moreover\, Feistel based on a fixed-length random or
 acle has been shown indifferentiable from a wider random oracle. In this t
 alk we address the fundamental question of constructing an ideal cipher (c
 onsisting of exponentially many random oracles) from a small number of fix
 ed-length random oracles.\n\nIn this talk\, we show that the multiple Even
 -Mansour construction with\n4 rounds\, randomly drawn fixed underlying per
 mutations and a bijective key schedule\, is indifferentiable from ideal ci
 pher. Our proof is accompanied by an efficient differentiability attack on
  multiple Even-Mansour with 3 rounds.\n\nPractically speaking\, we provide
  a construction of an ideal cipher as a set of exponentially many permutat
 ions from just as few as 4 permutations. On the theoretical side\, this is
  result confirms the equivalence between ideal cipher and random oracle mo
 dels.
LOCATION:Small lecture theatre\, Microsoft Research Ltd\, 7 J J Thomson Av
 enue (Off Madingley Road)\, Cambridge
END:VEVENT
END:VCALENDAR