Limitations of the Even-Mansour construction
In  a construction of a block cipher from a single pseudorandom permutation is proposed. In a complexity theoretical setting they prove that this scheme is secure against a polynomially bounded adversary. In this paper it is shown that this construction suffers from severe limitations that are immediately apparent if differential cryptanalysis  is performed. The fact that these limitations do not contradict the theoretical results obtained in  leads the authors to question the relevance of computational complexity theory in practical conventional cryptography.
Unable to display preview. Download preview PDF.
- S. Even, Y. Mansour, A Construction of a Cipher From a Single Pseudorandom Permutation, Lecture Notes in Computer Science, Proceedings Asiacrypt '91, Springer-Verlag 1992.Google Scholar
- J. Daemen, A Framework for the Design if One-Way Hash Functions Including Cryptanalysis of Damgård's One-Way Function Based on a Cellular Automaton, Lecture Notes in Computer Science, Proceedings Asiacrypt '91, Springer-Verlag 1992.Google Scholar
- E. Biham, A. Shamir, Differential Cryptanalysis of DES-like Cryptosystems, Abstracts of Crypto '90, 1–32.Google Scholar
- O. Goldreich, S. Goldwasser and S. Micali, How to Construct Random Functions, Proceedings of the 25th Annual Symposium on Foundations of Computer Science, October 24–26, 1984.Google Scholar