[1] Even S, Mansour Y. A construction of a cipher from a single pseudorandom permutation[C] //International Conference on the Theory and Application of Cryptology. Springer, Berlin, Heidelberg, 1991: 210-224
[2] Even, S., Mansour, Y. A construction of a cipher from a single pseudorandom permutation [J]. Journal of Cryptology, 10(3): 151-161
[3] Kilian, J., Rogaway, P.: How to protect DES against exhaustive key search (an analysis of DESX). In: Koblitz, N. (ed.) CRYPT0 1996. LNCS, vol. 1109, pp. 252-267. Springer, Heidelberg (2002)
[4] Kilian J, Rogaway P. How to protect DES against exhaustive key search (an analysis of DESX)[J]. Journal of Cryptology, 2001, 14(1): 17-35
[5] Andreeva E, Bogdanov A, Dodis Y, et al. On the indifferentiability of key-alternating ciphers[M] //Advances in Cryptology–CRYPTO 2013. Springer, Berlin, Heidelberg, 2013: 531-550
[6] Barbosa M, Farshim P. The related-key analysis of feistel constructions[C] //International Workshop on Fast Software Encryption. Springer, Berlin, Heidelberg, 2014: 265-284
[7] Bogdanov A, Knudsen L R, Leander G, et al. Key-alternating ciphers in a provable setting: Encryption using a small number of public permutations[C] //Annual International Conference on the Theory and Applications of Cryptographic Techniques. Springer, Berlin, Heidelberg, 2012: 45-62
[8] Cogliati B, Lampe R, Seurin Y. Tweaking even-mansour ciphers[C] //Annual Cryptology Conference. Springer, Berlin, Heidelberg, 2015: 189-208
[9] Dai Y, Seurin Y, Steinberger J, et al. Indifferentiability of Iterated Even-Mansour Ciphers with Non-idealized Key-Schedules: Five Rounds Are Necessary and Sufficient[C] //Annual International Cryptology Conference. Springer, Cham, 2017: 524-555
[10] Dinur I, Dunkelman O, Keller N, et al. Key recovery attacks on 3-round Even-Mansour, 8-step LED-128, and full AES 2[C] //International Conference on the Theory and Application of Cryptology and Information Security. Springer, Berlin, Heidelberg, 2013: 337-356
[11] Dinur I, Dunkelman O, Keller N, et al. Key recovery attacks on iterated Even–Mansour encryption schemes[J]. Journal of Cryptology, 2016, 29(4): 697-728
[12] Dunkelman O, Keller N, Shamir A. Slidex attacks on the Even–Mansour encryption scheme[J]. Journal of Cryptology, 2015, 28(1): 1-28
[13] Lampe R, Patarin J, Seurin Y. An asymptotically tight security analysis of the iterated even-mansour cipher[C] //International Conference on the Theory and Application of Cryptology and Information Security. Springer, Berlin, Heidelberg, 2012: 278-295
[14] Mouha N, Luykx A. Multi-key security: The Even-Mansour construction revisited[C] //Annual Cryptology Conference. Springer, Berlin, Heidelberg, 2015: 209-223
[15] Biham E, Shamir A. Differential cryptanalysis of the data encryption standard[M]. Springer Science & Business Media, 2012
[16]. Biryukov A, Wagner D. Slide attacks[C] //International Workshop on Fast Software Encryption. Springer, Berlin, Heidelberg, 1999: 245-259
[17] Biryukov A, Wagner D. Advanced slide attacks[C] //International Conference on the Theory and Applications of Cryptographic Techniques. Springer, Berlin, Heidelberg, 2000: 589-606
[18] Dunkelman O, Keller N, Shamir A. Minimalism in cryptography: The Even-Mansour scheme revisited[C] //Annual International Conference on the Theory and Applications of Cryptographic Techniques. Springer, Berlin, Heidelberg, 2012: 336-354
[19] Biham E. New types of cryptanalytic attacks using related keys[J]. Journal of Cryptology, 1994, 7(4): 229-246
[20] Biham E, Dunkelman O, Keller N. Improved slide attacks[C] //International Workshop on Fast Software Encryption. Springer, Berlin, Heidelberg, 2007: 153-166
[21] Furuya S. Slide attacks with a known-plaintext cryptanalysis[C] //International Conference on Information Security and Cryptology. Springer, Berlin, Heidelberg, 2001: 214-225
[22] Mathis F H. A generalized birthday problem[J]. SIAM Review, 1991, 33(2): 265-270
[23] Suzuki K, Tonien D, Kurosawa K, et al. Birthday paradox for multi-collisions[C] //International Conference on Information Security and Cryptology. Springer, Berlin, Heidelberg, 2006: 29-40
[24] Wagner D. A generalized birthday problem[C] //Annual International Cryptology Conference. Springer, Berlin, Heidelberg, 2002: 288-304
|