In this paper, we revisit the following question: in the ideal cipher model, can a cascade of several ideal $(\kappa,n)$-blockciphers realize an ideal $(2\kappa,n)$-blockcipher? The motivation goes back to Shannon's theory on product secrecy systems, and similar question was considered by Even and Goldreich (CRYPTO '83) in different settings. We give the first positive answer: for the cascade of independent ideal $(\kappa,n)$-blockciphers with two alternated independent keys, four stages are necessary and sufficient to realize an ideal $(2\kappa,n)$-blockcipher, in the sense of indifferentiability of Maurer et al. (TCC 2004). This shows cascade capable of achieving key-length extension in the settings where keys are \emph{not necessarily secret}.
Category / Keywords: blockcipher, cascade, ideal cipher, indifferentiability. Date: received 25 Aug 2016, last revised 22 May 2017 Contact author: guochun at iie ac cn Available format(s): PDF | BibTeX Citation Version: 20170523:014232 (All versions of this report) Short URL: ia.cr/2016/825