Paper 2007/109
How to Enrich the Message Space of a Cipher
Thomas Ristenpart and Phillip Rogaway
Abstract
Given (deterministic) ciphers $\calE$ and~$E$ that can encipher messages of $\el$ and $n$ bits, respectively, we construct a cipher~$\calE^*=XLS[\calE,E]$ that can encipher messages of $\el+s$ bits for any $s<n$. Enciphering such a string will take one call to~$\calE$ and two calls to~$E$. We prove that~$\calE^*$ is a strong pseudorandom permutation as long as~$\calE$ and~$E$ are. Our construction works even in the tweakable and VIL (variable-input-length) settings. It makes use of a multipermutation (a pair of orthogonal Latin squares), a combinatorial object not previously used to get a provable-security result.
Note: Revised paper to include a retraction notice.
Metadata
- Available format(s)
- Category
- Secret-key cryptography
- Publication info
- Published elsewhere. Preliminary version appears in FSE 2007.
- Keywords
- Deterministic encryptionenciphering schemesymmetric encryptionlength-preserving encryptionmultipermutation
- Contact author(s)
- rist @ cs wisc edu
- History
- 2015-02-27: revised
- 2007-03-26: received
- See all versions
- Short URL
- https://ia.cr/2007/109
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2007/109, author = {Thomas Ristenpart and Phillip Rogaway}, title = {How to Enrich the Message Space of a Cipher}, howpublished = {Cryptology {ePrint} Archive, Paper 2007/109}, year = {2007}, url = {https://eprint.iacr.org/2007/109} }