Security Model. 3.1. We settle the basic notation of distinguishers in Sect. 3.2. For reference, the black-box duplex security model of Daemen et al. [15] is treated in Sect. 3.3. We lift the model to leakage resilience in Sect. 3.4. 3.1 Sampling of Keys D ←−− { } The duplex construction of Sect. 2 is based on an array of u k-bit keys. These keys may be generated uniformly at random, as K DK ( 0, 1 k)u. In our analysis of leakage resilience, however, we will require the scheme to be still secure if the keys are not uniformly random but as long as they have sufficient min-entropy. ▇▇▇▇▇▇▇▇▇▇, we will adopt the approach of Daemen et al. [15] to consider keys sampled using a distribution K , that distributes the key independently1 and with sufficient min-entropy, i.e., for which D∞ δ H ( K ) = min ∈[1,u] H∞(K[δ]) is sufficiently high. Note that if DK is the random distribution, H∞(DK ) = k.
Appears in 2 contracts
Sources: End User Agreement, End User Agreement