**Title: Practical Decorrelation**

**Abstract:**

In the first part of this talk we will recall several essential results of Serge Vaudenay's Decorrelation Theory. In particular we will review some of the basic tools which make it possible to prove the security of a block cipher in the Luby-Rackoff model. In this model, a computationally unbounded adversary tries to distinguish a random instance of a block cipher from a permutation drawn uniformly at random among all possible permutations (often referred to as "the perfect cipher"), the only limitations being the number of plaintext/ciphertext pairs available. In the second part of this talk, we will give two practical block cipher examples for which security can be proven using the above-mentioned techniques. More precisely, we will review the block cipher C (and detail the reasons why it is indistinguishable from the perfect cipher on the basis of two plaintext/ciphertext pairs) and the block cipher KFC (which presumably achieves higher levels of security, at the price of a large penalty in terms of efficiency).

This talk will essentially rely of Serge Vaudenay's Journal of Cryptology article on the Decorrelation Theory and on some joint work with Matthieu Finiasz.

baigneres_practical_decorrelation.pdf

"BAIGNERES Thomas" is mentioned on: Home | Participants