Cryptology ePrint Archive: Report 2012/158

Efficient and Optimally Secure Key-Length Extension for Block Ciphers via Randomized Cascading

Peter Gazi and Stefano Tessaro

Abstract: We consider the question of efficiently extending the key length of block ciphers. To date, the approach providing highest security is triple encryption (used e.g. in Triple-DES), which was proved to have roughly k + min{n/2, k/2} bits of security when instantiated with ideal block ciphers with key length k and block length n, at the cost of three block-cipher calls per message block.

This paper presents a new practical key-length extension scheme exhibiting k + n/2 bits of security – hence improving upon the security of triple encryption – solely at the cost of two block cipher calls and a key of length k + n. We also provide matching generic attacks showing the optimality of the security level achieved by our approach with respect to a general class of two-query constructions.

Category / Keywords: secret-key cryptography / Block ciphers, Cascade encryption, Provable security.

Publication Info: A preliminary version of this paper appears in the proceedings of EUROCRYPT 2012. This is the full version.

Date: received 23 Mar 2012, last revised 24 Mar 2012

Contact author: peter gazi at inf ethz ch

Available format(s): PDF | BibTeX Citation

Version: 20120324:064137 (All versions of this report)

Short URL: ia.cr/2012/158

Discussion forum: Show discussion | Start new discussion