Efficient and Optimally Secure Key-Length Extension for Block Ciphers via Randomized Cascading

Peter Gaži and Stefano Tessaro

Advances in Cryptology — EUROCRYPT 2012, Lecture Notes in Computer Science, Springer-Verlag, vol. 7237, pp. 63–80, Apr 2012, this is the full version.

We consider the question of efficiently extending the key length of block ciphers. To date, the approach providing highest security is triple encryption (used e.g. in Triple-DES), which was proved to have roughly k + min{n/2, k/2} bits of security when instantiated with ideal block ciphers with key length k and block length n, at the cost of three block-cipher calls per message block.

This paper presents a new practical key-length extension scheme exhibiting k + n/2 bits of security hence improving upon the security of triple encryption solely at the cost of two block cipher calls and a key of length k + n. We also provide matching generic attacks showing the optimality of the security level achieved by our approach with respect to a general class of two-query constructions.

BibTeX Citation

@inproceedings{GazTes12,
    author       = {Peter Gaži and Stefano Tessaro},
    title        = {Efficient and Optimally Secure Key-Length Extension for Block Ciphers via Randomized Cascading},
    booktitle    = {Advances in Cryptology --- EUROCRYPT 2012},
    pages        = {63--80},
    series       = {Lecture Notes in Computer Science},
    volume       = {7237},
    year         = {2012},
    month        = {4},
    note         = {this is the full version},
    publisher    = {Springer-Verlag},
}