Abstract
We describe the first domain extender for ideal ciphers, i.e. we show a construction that is indifferentiable from a 2n-bit ideal cipher, given a n-bit ideal cipher. Our construction is based on a 3-round Feistel, and is more efficient than first building a n-bit random oracle from a n-bit ideal cipher (as in [9]) and then a 2n-bit ideal cipher from a n-bit random oracle (as in [10], using a 6-round Feistel). We also show that 2 rounds are not enough for indifferentiability by exhibiting a simple attack. We also consider our construction in the standard model: we show that 2 rounds are enough to get a 2n-bit tweakable block-cipher from a n-bit tweakable block-cipher and we show that with 3 rounds we can get beyond the birthday security bound. © 2010 Springer.
Author supplied keywords
Cite
CITATION STYLE
Coron, J. S., Dodis, Y., Mandal, A., & Seurin, Y. (2010). A domain extender for the ideal cipher. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 5978 LNCS, pp. 273–289). https://doi.org/10.1007/978-3-642-11799-2_17
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
