Towards Tight Security of Cascaded LRW2

Bart Mennink

Paper 2018/434

Towards Tight Security of Cascaded LRW2

Bart Mennink

Abstract

The Cascaded LRW2 tweakable block cipher was introduced by Landecker et al. at CRYPTO 2012, and proven secure up to $2^{2 n / 3}$ queries. There has not been any attack on the construction faster than the generic attack in $2^{n}$ queries. In this work we initiate the quest towards a tight bound. We first present a distinguishing attack in $2 n^{1 / 2} 2^{3 n / 4}$ queries against a generalized version of the scheme. The attack is supported with an experimental verification and a formal success probability analysis. We subsequently discuss non-trivial bottlenecks in proving tight security, most importantly the distinguisher's freedom in choosing the tweak values. Finally, we prove that if every tweak value occurs at most $2^{n / 4}$ times, Cascaded LRW2 is secure up to $2^{3 n / 4}$ queries.

Metadata

Available format(s): PDF
Category: Secret-key cryptography
Publication info: A minor revision of an IACR publication in TCC 2018
Keywords: LRW2 Cascaded LRW2 tweakable block cipher tightness
Contact author(s): b mennink @ cs ru nl
History: 2018-09-12: revised; 2018-05-14: received; See all versions
Short URL: https://ia.cr/2018/434
License: CC BY

BibTeX

@misc{cryptoeprint:2018/434,
      author = {Bart Mennink},
      title = {Towards Tight Security of Cascaded {LRW2}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2018/434},
      year = {2018},
      url = {https://eprint.iacr.org/2018/434}
}