|COOKIES: By using this website you agree that we can place Google Analytics Cookies on your device for performance monitoring.|
Rekeyable Ideal Cipher from a Few Random Oracles
If you have a question about this talk, please contact Microsoft Research Cambridge Talks Admins.
Reducing the security of a complex construction to that of a simpler primitive is one of the central methods of cryptography. Rather recently, in the domain of cryptographic hashing, such constructions as Merkle-Damgard and sponge based on a fixed-length random oracle (compression function or permutation) have been proven indifferentiable from a finite-length random oracle. Moreover, Feistel based on a fixed-length random oracle has been shown indifferentiable from a wider random oracle. In this talk we address the fundamental question of constructing an ideal cipher (consisting of exponentially many random oracles) from a small number of fixed-length random oracles.
In this talk, we show that the multiple Even-Mansour construction with 4 rounds, randomly drawn fixed underlying permutations and a bijective key schedule, is indifferentiable from ideal cipher. Our proof is accompanied by an efficient differentiability attack on multiple Even-Mansour with 3 rounds.
Practically speaking, we provide a construction of an ideal cipher as a set of exponentially many permutations from just as few as 4 permutations. On the theoretical side, this is result confirms the equivalence between ideal cipher and random oracle models.
This talk is part of the Microsoft Research Cambridge, public talks series.
This talk is included in these lists:
Note that ex-directory lists are not shown.
Other listsCQIF Seminar New Thinking In Economics Religion and the Idea of a Research University
Other talksGRAND ROUNDS Pleasure and Well-Being Postcapitalist practices of communing and a performative politics of assemblage Simple and multiple linear regression IET Prestige Lecture: 3D printing and human medicine. Be The Change Cambridge