Modern cryptography security relies on the computational difficulty¹ to break ciphers rather than on the theoretical impossibility to break them. If adversaries have enough resources and time, they can break any cipher. The security analysis of block ciphers and their modes of operation is a wide field in cryptography. One approach to address the security of ciphers is to show how it is hard for adversaries to break ciphers given the resources they can use. The adversaries have access to black boxes (called oracles) associated with the ciphers to attack and they try to guess some information through the exploitation of chosen plaintexts and ciphertexts. Consequently, information inference is probabilistic. The information inferred through querying a black-box is measured in terms of adversary advantage. Secure ciphers are those ciphers for which the advantage of adversaries is negligible if their resources and time remain below some limits. The analysis of different scenarios of attacks is an approach to assess the security of ciphers from a probabilistic point of view. In particular, security analysis aims to define bounds beyond which the use of some ciphers may become insecure.

Security analysis is based on oracles, in particular oracles modeling the encryption, decryption, MAC generation, and MAC verification operations. The cipher to analyze is put in the worst conditions; i.e. the adversaries can choose any plaintexts ...