This paper discusses provable security of two types of cascade encryptions. The first construction CEl, called l-cascade encryption, is obtained by sequentially composing l blockcipher calls with independent keys. The security of CEl has been a longstanding open problem until Gaži and Maurer [9] proved its security up to 2 κ+min{n/2, κ} query complexity for large cascading length, where κ and n denote the key size and the block size of the underlying blockcipher, respectively. We improve this limit by proving the security of CEl up to 2 κ+min{κ, n}-16/l (n/2+2) query complexity: this bound approaches with increasing cascade length l. The second construction XCE l is a natural cascade version of the DESX scheme with intermediate keys xored between blockcipher calls. This can also be viewed as an extension of double XOR-cascade proposed by Gaži and Tessaro [10]. We prove that XCEl is secure up to 2κ+n-8/l(n/2+2) query complexity. As cascade length l increases, this bound approaches 2 κ+n . In the ideal cipher model, one can obtain all the evaluations of the underlying blockcipher by making 2κ+n queries, so the (κ + n)-bit security becomes the maximum that key-length extension based on a single κ-bit key n-bit blockcipher is able to achieve. Cascade encryptions CEl (with n ≤ κ) and XCE l provide almost optimal security with large cascade length. © 2013 International Association for Cryptologic Research.
CITATION STYLE
Lee, J. (2013). Towards key-length extension with optimal security: Cascade encryption and xor-cascade encryption. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 7881 LNCS, pp. 405–425). https://doi.org/10.1007/978-3-642-38348-9_25
Mendeley helps you to discover research relevant for your work.