Abstract
We suggest a scheme for a block cipher which uses only one randomly chosen permutation,F. The key, consisting of two blocks,K 1 andK 2, is used in the following way. The message block is XORed withK 1 before applyingF, and the outcome is XORed withK 2, to produce the cryptogram block. We show that the resulting cipher is secure (when the permutation is random or pseudorandom). This removes the need to store, or generate a multitude of permutations.
Article PDF
Similar content being viewed by others
Avoid common mistakes on your manuscript.
References
J. Daemen, Limitations of the Even-Mansour construction,Proceedings of AisaCrypt, 1991.
M. Luby and C. Rackoff, How to construct pseudorandom permutations from pseudorandom functions,SIAM J. Comput., Vol. 17, No. 2, 1988, pp. 373–386.
National Bureau of Standards,Data Encryption Standard, Federal Information Processing Standard, U.S. Department of Commerce, FIPS PUB 46, Washington, DC, 1977.
C. E. Shannon, Communication theory of secrecy systems,Bell System Tech. J., Vol. 28, 1949, pp. 656–715.
Author information
Authors and Affiliations
Corresponding author
Additional information
Communicated by Oded Goldreich
Shimon Even was supported by the Fund for the Promotion of Research at the Technion, and by Bellcore, Morristown, NJ 07940, U.S.A. Part of the work was done while Yishay Mansour was in the IBM T.J. Watson Research Center.
Rights and permissions
About this article
Cite this article
Even, S., Mansour, Y. A construction of a cipher from a single pseudorandom permutation. J. Cryptology 10, 151–161 (1997). https://doi.org/10.1007/s001459900025
Received:
Revised:
Issue Date:
DOI: https://doi.org/10.1007/s001459900025