|COOKIES: By using this website you agree that we can place Google Analytics Cookies on your device for performance monitoring.|
Rekeyable Ideal Cipher from a Few Random Oracles
If you have a question about this talk, please contact Microsoft Research Cambridge Talks Admins.
Reducing the security of a complex construction to that of a simpler primitive is one of the central methods of cryptography. Rather recently, in the domain of cryptographic hashing, such constructions as Merkle-Damgard and sponge based on a fixed-length random oracle (compression function or permutation) have been proven indifferentiable from a finite-length random oracle. Moreover, Feistel based on a fixed-length random oracle has been shown indifferentiable from a wider random oracle. In this talk we address the fundamental question of constructing an ideal cipher (consisting of exponentially many random oracles) from a small number of fixed-length random oracles.
In this talk, we show that the multiple Even-Mansour construction with 4 rounds, randomly drawn fixed underlying permutations and a bijective key schedule, is indifferentiable from ideal cipher. Our proof is accompanied by an efficient differentiability attack on multiple Even-Mansour with 3 rounds.
Practically speaking, we provide a construction of an ideal cipher as a set of exponentially many permutations from just as few as 4 permutations. On the theoretical side, this is result confirms the equivalence between ideal cipher and random oracle models.
This talk is part of the Microsoft Research Cambridge, public talks series.
This talk is included in these lists:
Note that ex-directory lists are not shown.
Other listsHomerton Seminars Clinical ID talks 9th Annual Disability Lecture
Other talksBypassing the brave new world: reporting transgenic mice in the early 1980s The 2015 Tissue Engineering Congress Fast transient brain states Rock, paper, patents: between intellectual property and embodied knowledge Model systems to study embryonic patterning. anhedonia