[cryptography] Just found about Even-Mansour

Ryan Carboni ryacko at gmail.com
Tue Sep 23 02:47:50 EDT 2014

Just found about Even-Mansour scheme. Simplest possible cryptosystem,
xor-permute-xor, and for a single round it is roughly as secure as half the
block size, while two rounds have brute force security. If one only desires
confidentiality against attacks faster then brute force, can't one generate
subkeys using RC4, and use a two round substitution-permutation block
cipher with key-dependent permutations and substitutions? Would only be
useful for communication or storage, not hashing.

Would be faster than AES, but AES needs to be secure against even
distinguishing attacks while consumer crypto doesn't need as much security.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20140922/d362cd14/attachment.html>

More information about the cryptography mailing list