TY - GEN

T1 - Construction of a cipher single pseudorandom permutation

AU - Even, Shimon

AU - Mansour, Yishay

N1 - Publisher Copyright:
© 1993, Springer Verlag. All rights reserved.

PY - 1993

Y1 - 1993

N2 - Shannon defined a random cipher as a collection of randomly chosen permutations, one for each value of the key. We suggest a scheme for a block cipher which uses only one randomly chosen permutation, F. The key, consisting of two blocks, K1 and K2, is used in the following way: The message block is XORed with K1 before applying F, and the outcome is XORed with K2, to produce the cryptogram block. This removes the need to store or generate a multitude of permutations. Although the resulting cipher is not random, we claim that it is secure. First, it is shown that if F is chosen randomly then, with high probability, the scheme is secure against any polynomial-time algorithmic attack. Next, it is shown that if F is chosen pseudorandomly, the system remains secure against oracle-type attacks. The scheme may lead to a system more efficient than systems such as the DES and its siblings, since the designer has to worry about one thing only: How to implement one pseudorandomly chosen permutation. This may be easier than getting one for each key.

UR - http://www.scopus.com/inward/record.url?scp=85029454400&partnerID=8YFLogxK

U2 - 10.1007/3-540-57332-1_17

DO - 10.1007/3-540-57332-1_17

M3 - Conference contribution

AN - SCOPUS:85029454400

SN - 9783540573326

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 210

EP - 224

BT - Advances in Cryptology - ASIACRYPT 1991 - International Conference on the Theory and Application of Cryptology, Proceedings

A2 - Imai, Hideki

A2 - Matsumoto, Tsutomu

A2 - Rivest, Ronald L.

PB - Springer Verlag

T2 - 1st International Conference on the Theory and Application of Cryptology, ASIACRYPT 1991

Y2 - 11 November 1991 through 14 November 1991

ER -