How to Enrich the Message Space of a Cipher

Thomas Ristenpart; Phillip Rogaway

Paper 2007/109

How to Enrich the Message Space of a Cipher

Thomas Ristenpart and Phillip Rogaway

Abstract

Given (deterministic) ciphers $\calE$ and~ $E$ that can encipher messages of $\el$ and $n$ bits, respectively, we construct a cipher~ $\calE^{*} = X L S [\calE, E]$ that can encipher messages of $\el + s$ bits for any $s < n$ . Enciphering such a string will take one call to~ $\calE$ and two calls to~ $E$ . We prove that~ $\calE^{*}$ is a strong pseudorandom permutation as long as~ $\calE$ and~ $E$ are. Our construction works even in the tweakable and VIL (variable-input-length) settings. It makes use of a multipermutation (a pair of orthogonal Latin squares), a combinatorial object not previously used to get a provable-security result.

Note: Revised paper to include a retraction notice.

Metadata

Available format(s): PDF
Category: Secret-key cryptography
Publication info: Published elsewhere. Preliminary version appears in FSE 2007.
Keywords: Deterministic encryption enciphering scheme symmetric encryption length-preserving encryption multipermutation
Contact author(s): rist @ cs wisc edu
History: 2015-02-27: revised; 2007-03-26: received; See all versions
Short URL: https://ia.cr/2007/109
License: CC BY

BibTeX

@misc{cryptoeprint:2007/109,
      author = {Thomas Ristenpart and Phillip Rogaway},
      title = {How to Enrich the Message Space of a Cipher},
      howpublished = {Cryptology {ePrint} Archive, Paper 2007/109},
      year = {2007},
      url = {https://eprint.iacr.org/2007/109}
}