[Cryptography] Based on Even Mansour
Jonathan Katz
jkatz at cs.umd.edu
Mon Sep 29 17:50:55 EDT 2014
On Thu, Sep 25, 2014 at 9:09 PM, Ryan Carboni <ryacko at gmail.com> wrote:
> Based on Even Mansour, wouldn't even the most basic block ciphers be
> secure as long as the key size was half of the block size?
>
There seems to be a misunderstanding about what Even-Mansour show.
The Even-Mansour analysis shows that given access to a public (unkeyed),
truly random permutation, it is possible to construct a secure (keyed)
block cipher.
In practice, however, we don't have public random permutations. Instead, we
build block ciphers from "somewhat random-looking" permutations that I will
call round functions. Because these are far from random, block ciphers in
practice do not use a single round function, but instead use many rounds.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20140929/6db72750/attachment.html>
More information about the cryptography
mailing list