Paper 2007/109

How to Enrich the Message Space of a Cipher

Thomas Ristenpart and Phillip Rogaway

Abstract

Given (deterministic) ciphers \calE and~E that can encipher messages of \el and n bits, respectively, we construct a cipher~\calE=XLS[\calE,E] that can encipher messages of \el+s bits for any s<n. Enciphering such a string will take one call to~\calE and two calls to~E. We prove that~\calE is a strong pseudorandom permutation as long as~\calE and~E are. Our construction works even in the tweakable and VIL (variable-input-length) settings. It makes use of a multipermutation (a pair of orthogonal Latin squares), a combinatorial object not previously used to get a provable-security result.

Note: Revised paper to include a retraction notice.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. Preliminary version appears in FSE 2007.
Keywords
Deterministic encryptionenciphering schemesymmetric encryptionlength-preserving encryptionmultipermutation
Contact author(s)
rist @ cs wisc edu
History
2015-02-27: revised
2007-03-26: received
See all versions
Short URL
https://ia.cr/2007/109
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2007/109,
      author = {Thomas Ristenpart and Phillip Rogaway},
      title = {How to Enrich the Message Space of a Cipher},
      howpublished = {Cryptology {ePrint} Archive, Paper 2007/109},
      year = {2007},
      url = {https://eprint.iacr.org/2007/109}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.