Cryptology ePrint Archive: Report 2014/096

Tight security bounds for multiple encryption

Yuanxi Dai, John Steinberger

Abstract: Multiple encryption---the practice of composing a blockcipher several times with itself under independent keys---has received considerable attention of late from the standpoint of provable security. Despite these efforts proving definitive security bounds (i.e., with matching attacks) has remained elusive even for the special case of triple encryption. In this paper we close the gap by improving both the best known attacks and best known provable security, so that both bounds match. Our results apply for arbitrary number of rounds and show that the security of $\ell$-round multiple encryption is precisely $\exp(\kappa + \min\{\kappa (\ell'-2)/2), n (\ell'-2)/\ell'\})$ where $\exp(t) = 2^t$ and where $\ell' = 2\lceil \ell/2\rceil$ is the even integer closest to $\ell$ and greater than or equal to $\ell$, for all $\ell \geq 1$. Our technique is based on Patarin's H-coefficient method and reuses a combinatorial result of Chen and Steinberger originally required in the context of key-alternating ciphers.

Category / Keywords: secret-key cryptography / multiple encryption, cascade ciphers, provable security

Date: received 10 Feb 2014, last revised 20 Mar 2014

Contact author: jpsteinb at gmail com, shusdtc at gmail com

Available format(s): PDF | BibTeX Citation

Version: 20140320:083308 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]