Cryptology ePrint Archive: Report 2018/434

Towards Tight Security of Cascaded LRW2

Bart Mennink

Abstract: The Cascaded LRW2 tweakable block cipher was introduced by Landecker et al. at CRYPTO 2012, and proven secure up to $2^{2n/3}$ queries. There has not been any attack on the construction faster than the generic attack in $2^n$ queries. In this work we initiate the quest towards a tight bound. We first present a distinguishing attack in $2n^{1/2}2^{3n/4}$ queries against a generalized version of the scheme. The attack is supported with an experimental verification and a formal success probability analysis. We subsequently discuss non-trivial bottlenecks in proving tight security, most importantly the distinguisher's freedom in choosing the tweak values. Finally, we prove that if every tweak value occurs at most $2^{n/4}$ times, Cascaded LRW2 is secure up to $2^{3n/4}$ queries.

Category / Keywords: secret-key cryptography / LRW2, Cascaded LRW2, tweakable block cipher, tightness

Original Publication (with minor differences): IACR-TCC-2018

Date: received 10 May 2018, last revised 12 Sep 2018

Contact author: b mennink at cs ru nl

Available format(s): PDF | BibTeX Citation

Version: 20180912:081903 (All versions of this report)

Short URL: ia.cr/2018/434


[ Cryptology ePrint archive ]