Dinur, Itai; Dunkelman, Orr; Keller, Nathan; Shamir, Adi
Cryptanalysis of iterated Even-Mansour schemes with two keys. (English) Zbl 1306.94048
Sarkar, Palash (ed.) et al., Advances in cryptology – ASIACRYPT 2014. 20th international conference on the theory and application of cryptology and information security, Kaoshiung, Taiwan, R.O.C., December 7–11, 2014. Proceedings, Part I. Berlin: Springer (ISBN 978-3-662-45610-1/pbk). Lecture Notes in Computer Science 8873, 439-457 (2014).

Summary: The iterated Even-Mansour (EM) scheme is a generalization of the original 1-round construction proposed in 1991 [S. Even and Y. Mansour, J. Cryptology 10, No. 3, 151–161 (1997; Zbl 1053.94552); Asiacrypt 1991, Lect. Notes Comput. Sci. 739, 210–224 (1993; Zbl 0808.94024)], and can use one key, two keys, or completely independent keys. In this paper, we methodically analyze the security of all the possible iterated Even-Mansour schemes with two \(n\)-bit keys and up to four rounds, and show that none of them provides more than \(n\)-bit security. Our attacks are based on a new cryptanalytic technique called multibridge which splits the cipher to different parts in a novel way, such that they can be analyzed independently, exploiting its self-similarity properties. After the analysis of the parts, the key suggestions are efficiently joined using a meet-in-the-middle procedure. As a demonstration of the multibridge technique, we devise a new attack on 4 steps of the LED-128 block cipher, reducing the time complexity of the best known attack on this scheme from \(2^{96}\) to \(2^{64}\). Furthermore, we show that our technique can be used as a generic key-recovery tool, when combined with some statistical distinguishers (like those recently constructed in reflection cryptanalysis of GOST and PRINCE).

For the entire collection see [Zbl 1301.94003].
Cited in 7 Documents
MSC: 94A60 Cryptography
Keywords: cryptanalysis; meet-in-the-middle attacks; multibridge attack; iterated Even-Mansour; LED-128
Citations: Zbl 1053.94552; Zbl 0808.94024
Software: PRINCE