Paper 2018/434
Towards Tight Security of Cascaded LRW2
Bart Mennink
Abstract
The Cascaded LRW2 tweakable block cipher was introduced by Landecker et al. at CRYPTO 2012, and proven secure up to $2^{2n/3}$ queries. There has not been any attack on the construction faster than the generic attack in $2^n$ queries. In this work we initiate the quest towards a tight bound. We first present a distinguishing attack in $2n^{1/2}2^{3n/4}$ queries against a generalized version of the scheme. The attack is supported with an experimental verification and a formal success probability analysis. We subsequently discuss non-trivial bottlenecks in proving tight security, most importantly the distinguisher's freedom in choosing the tweak values. Finally, we prove that if every tweak value occurs at most $2^{n/4}$ times, Cascaded LRW2 is secure up to $2^{3n/4}$ queries.
Metadata
- Available format(s)
- Category
- Secret-key cryptography
- Publication info
- A minor revision of an IACR publication in TCC 2018
- Keywords
- LRW2Cascaded LRW2tweakable block ciphertightness
- Contact author(s)
- b mennink @ cs ru nl
- History
- 2018-09-12: revised
- 2018-05-14: received
- See all versions
- Short URL
- https://ia.cr/2018/434
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2018/434, author = {Bart Mennink}, title = {Towards Tight Security of Cascaded {LRW2}}, howpublished = {Cryptology {ePrint} Archive, Paper 2018/434}, year = {2018}, url = {https://eprint.iacr.org/2018/434} }