Paper 2016/825

Revisiting Cascade Ciphers in Indifferentiability Setting

Chun Guo, Dongdai Lin, and Meicheng Liu


Shannon defined an ideal $(\kappa,n)$-blockcipher as a secrecy system consisting of $2^{\kappa}$ independent $n$-bit random permutations. In this paper, we revisit the following question: in the ideal cipher model, can a cascade of several ideal $(\kappa,n)$-blockciphers realize an ideal $(2\kappa,n)$-blockcipher? The motivation goes back to Shannon's theory on product secrecy systems, and similar question was considered by Even and Goldreich (CRYPTO '83) in different settings. We give the first positive answer: for the cascade of independent ideal $(\kappa,n)$-blockciphers with two alternated independent keys, four stages are necessary and sufficient to realize an ideal $(2\kappa,n)$-blockcipher, in the sense of indifferentiability of Maurer et al. (TCC 2004). This shows cascade capable of achieving key-length extension in the settings where keys are \emph{not necessarily secret}.

Available format(s)
Publication info
Preprint. MINOR revision.
blockciphercascadeideal cipherindifferentiability.
Contact author(s)
guochun @ iie ac cn
2017-05-23: revised
2016-08-30: received
See all versions
Short URL
Creative Commons Attribution


      author = {Chun Guo and Dongdai Lin and Meicheng Liu},
      title = {Revisiting Cascade Ciphers in Indifferentiability Setting},
      howpublished = {Cryptology ePrint Archive, Paper 2016/825},
      year = {2016},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.