[cryptography] Just found about Even-Mansour

Sandy Harris sandyinchina at gmail.com
Tue Sep 23 09:04:46 EDT 2014


On Tue, Sep 23, 2014 at 2:47 AM, Ryan Carboni <ryacko at gmail.com> wrote:
> Just found about Even-Mansour scheme. Simplest possible cryptosystem,
> xor-permute-xor, and for a single round it is roughly as secure as half the
> block size, while two rounds have brute force security. If one only desires
> confidentiality against attacks faster then brute force, can't one generate
> subkeys using RC4, and use a two round substitution-permutation block cipher
> with key-dependent permutations and substitutions? Would only be useful for
> communication or storage, not hashing.
>
> Would be faster than AES, but AES needs to be secure against even
> distinguishing attacks while consumer crypto doesn't need as much security.

For one application, see:
https://aezoo.compute.dtu.dk/doku.php?id=enchilada


More information about the cryptography mailing list