Paper 2014/096

Tight security bounds for multiple encryption

Yuanxi Dai and John Steinberger

Abstract

Multiple encryption---the practice of composing a blockcipher several times with itself under independent keys---has received considerable attention of late from the standpoint of provable security. Despite these efforts proving definitive security bounds (i.e., with matching attacks) has remained elusive even for the special case of triple encryption. In this paper we close the gap by improving both the best known attacks and best known provable security, so that both bounds match. Our results apply for arbitrary number of rounds and show that the security of $\ell$-round multiple encryption is precisely $\exp(\kappa + \min\{\kappa (\ell'-2)/2), n (\ell'-2)/\ell'\})$ where $\exp(t) = 2^t$ and where $\ell' = 2\lceil \ell/2\rceil$ is the even integer closest to $\ell$ and greater than or equal to $\ell$, for all $\ell \geq 1$. Our technique is based on Patarin's H-coefficient method and reuses a combinatorial result of Chen and Steinberger originally required in the context of key-alternating ciphers.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Preprint.
Keywords
multiple encryptioncascade ciphersprovable security
Contact author(s)
jpsteinb @ gmail com
shusdtc @ gmail com
History
2014-03-20: revised
2014-02-14: received
See all versions
Short URL
https://ia.cr/2014/096
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2014/096,
      author = {Yuanxi Dai and John Steinberger},
      title = {Tight security bounds for multiple encryption},
      howpublished = {Cryptology ePrint Archive, Paper 2014/096},
      year = {2014},
      note = {\url{https://eprint.iacr.org/2014/096}},
      url = {https://eprint.iacr.org/2014/096}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.