Abstract The iterated Even-Mansour cipher is a construction of a block cipher from r public
permutations P_1, ..., P_r which abstracts in a generic way the structure of key-alternating …

The sum of two n-bit pseudorandom permutations is known to behave like a pseudorandom
function with n bits of security. A recent line of research has investigated the security of two …

Known-key distinguishers for block ciphers were proposed by Knudsen and Rijmen at
ASIACRYPT 2007 and have been a major research topic in cryptanalysis since then. A …

We show that the Feistel construction with six rounds and random round functions is publicly
indifferentiable from a random invertible permutation (a result that is not known to hold for …

Incompressibility is one of the most fundamental security goals in white-box cryptography.
Given recent advances in the design of efficient and incompressible block ciphers such as …

We reconsider the formalization of known-key attacks against ideal primitive-based block
ciphers. This was previously tackled by Andreeva, Bogdanov, and Mennink (FSE 2013), who …

In a digital signature scheme with message recovery, rather than transmitting the message
m and its signature σ, a single enhanced signature τ is transmitted. The verifier is able to …

We consider a transform, called Derive-then-Derandomize, that hardens a given signature
scheme against randomness failure and implementation error. We prove that it works. We …

Cryptographic standards published by organizations like NIST, ISO, and the IETF provide
guidance for developers choosing and implementing cryptographic algorithms for their …

In this dissertation, we focus on designing secure symmetric-key schemes by identifying
flaws, proposing new constructions, and providing rigorous security proofs against classical …