We obtain the first proof that composition actually increases the security in some meaningful sense. We compute a bound on the probability of breaking the double cipher as a function of the number of computations of the base cipher made, and the number of examples of the composed cipher seen, and show that the success probability is the square of that for a single key cipher. The same bound holds for the two-key triple cipher. The first bound is tight and shows that meet in the middle is the best possible generic attack against the double cipher.
Category / Keywords: DES, Double DES, cipher, block cipher, cascade, composition, Shannon. Publication Info: Appeared in the THEORY OF CRYPTOGRAPHY LIBRARY and has been included in the ePrint Archive. Date: received August 31st, 1998. Contact author: mihir at cs ucsd edu Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | BibTeX Citation Short URL: ia.cr/1998/023 Discussion forum: Show discussion | Start new discussion