We show that a distinguishing attack in the related key model on an Even-Mansour block cipher can readily be converted into an extremely efficient key recovery attack. Concerned ciphers include in particular all iterated Even-Mansour schemes with independent keys. We apply this observation to the Caesar candidate Prøst-OTR and are able to recover the whole key with a number of requests linear in its size. This improves on recent forgery attacks in a similar setting.
CITATION STYLE
Karpman, P. (2015). From distinguishers to key recovery: Improved related-key attacks on Even-Mansour. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 9290, pp. 177–188). Springer Verlag. https://doi.org/10.1007/978-3-319-23318-5_10