Abstract : We show that a distinguishing attack in the related key model on an Even-Mansour block cipher can readily be converted into an extremely efficient key recovery attack. Concerned ciphers include in particular all iterated Even-Mansour schemes with independent keys. We apply this observation to the Caesar candidate Prøst-OTR and are able to recover the whole key with a number of requests linear in its size. This improves on recent forgery attacks in a similar setting.
https://hal.inria.fr/hal-01245365
Contributor : Pierre Karpman <>
Submitted on : Thursday, December 17, 2015 - 10:01:56 AM Last modification on : Thursday, March 5, 2020 - 6:30:07 PM
Pierre Karpman. From Distinguishers to Key Recovery: Improved Related-Key Attacks on Even-Mansour. Information Security Conference 2015, Sep 2015, Trondheim, Norway. ⟨10.1007/978-3-319-23318-5_10⟩. ⟨hal-01245365⟩