2016
DOI: 10.1007/978-3-662-53887-6_16
|View full text |Cite
|
Sign up to set email alerts
|

Salvaging Weak Security Bounds for Blockcipher-Based Constructions

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
1
1
1
1

Citation Types

1
8
0

Year Published

2017
2017
2020
2020

Publication Types

Select...
5
2

Relationship

0
7

Authors

Journals

citations
Cited by 15 publications
(9 citation statements)
references
References 16 publications
1
8
0
Order By: Relevance
“…This is for instance the case for Men2, where the ideal-model results seem more representative than the standard-model ones. A similar observation was made by Shrimpton and Terashima [55], who introduce the ideal model under key-oblivious access as a weakened version of the ideal cipher model. As a general rule, it is always wise to interpret security results in any of the models with care.…”
Section: Generalizedsupporting
confidence: 64%
See 1 more Smart Citation
“…This is for instance the case for Men2, where the ideal-model results seem more representative than the standard-model ones. A similar observation was made by Shrimpton and Terashima [55], who introduce the ideal model under key-oblivious access as a weakened version of the ideal cipher model. As a general rule, it is always wise to interpret security results in any of the models with care.…”
Section: Generalizedsupporting
confidence: 64%
“…For different schemes, it may be the other way around. A potential approach to go is to weaken the ideal-model, an approach for instance followed by Shrimpton and Terashima [55], yet, this approach is ultimately still an ideal-model approach.…”
Section: How Do the Standard And Ideal Model Compare And What Are Thmentioning
confidence: 99%
“…This mode works with an n-bit key that is then used to generate a fresh key for the second cipher. It is known that BBB proofs for such rekeying-based modes have to rely on the Ideal Cipher Model (ICM) [BKR98,ST16,Men17]. Therefore, we follow this and prove RHM H,E unforgeable against leakage up to asymptotically optimal 2 n /n queries.…”
Section: Introductionmentioning
confidence: 89%
“…This term comes from the construction of XKX, where q-blockcipher's keys are defined via the first tweak function. As mentioned in [ST16], the hybrid factor is not real, but rather an artifact of the proof technique, and this term might be improved by analyzing the term in the ideal cipher model (ICM). On the other hand, the ICM analysis provides only a security heuristic, and seems particularly inappropriate when the underlying blockcipher is know to have obvious non-ideal behavior for certain weak-key class matters, or to suffer from related-key attack.…”
Section: Study Of the Key Terms Q • Adv Sprp E (A E ) And Adv Prf F (mentioning
confidence: 99%