Cryptology ePrint Archive: Report 2016/578

Key-alternating Ciphers and Key-length Extension: Exact Bounds and Multi-user Security

Viet Tung Hoang and Stefano Tessaro

Abstract: The best existing bounds on the concrete security of key-alternating ciphers (Chen and Steinberger, EUROCRYPT '14) are only asymptotically tight, and the quantitative gap with the best existing attacks remains numerically substantial for concrete parameters. Here, we prove exact bounds on the security of key-alternating ciphers and extend them to XOR cascades, the most efficient construction for key-length extension. Our bounds essentially match, for any possible query regime, the advantage achieved by the best existing attack.

Our treatment also extends to the multi-user regime. We show that the multi-user security of key-alternating ciphers and XOR cascades is very close to the single-user case, i.e., given enough rounds, it does not substantially decrease as the number of users increases. On the way, we also provide the first explicit treatment of multi-user security for key-length extension, which is particularly relevant given the significant security loss of block ciphers (even if ideal) in the multi-user setting. The common denominator behind our results are new techniques for information-theoretic indistinguishability proofs that both extend and refine existing proof techniques like the H-coefficient method.

Category / Keywords: secret-key cryptography / Symmetric cryptography, block ciphers, provable security, tightness, multi-user security

Original Publication (with major differences): IACR-CRYPTO-2016

Date: received 3 Jun 2016, last revised 7 Mar 2017

Contact author: hviettung at gmail com

Available format(s): PDF | BibTeX Citation

Note: A proceeding version of this paper appears in CRYPTO 2016.

Version: 20170308:045954 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]