Description
The Even-Mansour (EM) encryption scheme received a lot of attention in the last couple of years due to its exceptional simplicity and tight security proofs. The original $1$-round construction was naturally generalized into $r$-round structures with one key, two alternating keys, and completely independent keys.<br/> In this talk I will describe the first key recovery attack on the one-key 3-round version of EM which is faster than exhaustive search. I will then show how to use the new cryptanalytic techniques in order to improve the best known attacks on several concrete EM-like schemes such as the block cipher LED.<br/> The talk will be mostly self-contained and intended to a wide audience. Based on joint work with Orr Dunkelman, Nathan Keller and Adi Shamir.