Sciweavers

TCC
2010
Springer

A Domain Extender for the Ideal Cipher

14 years 9 months ago
A Domain Extender for the Ideal Cipher
We describe the first domain extender for ideal ciphers, i.e. we show a construction that is indifferentiable from a 2n-bit ideal cipher, given a n-bit ideal cipher. Our construction is based on a 3round Feistel, and is more efficient than first building a n-bit random oracle from a n-bit ideal cipher (as in [6]) and then a 2n-bit ideal cipher from a n-bit random oracle (as in [7], using a 6-round Feistel). We also show that 2 rounds are not enough for indifferentiability by exhibiting a simple attack. We also consider our construction in the standard model: we show that 2 rounds are enough to get a 2n-bit tweakable blockcipher from a n-bit tweakable block-cipher and we show that with 3 rounds we can get beyond the birthday security bound. Key-words: ideal cipher model, indifferentiability, tweakable block-cipher.
Jean-Sébastien Coron, Yevgeniy Dodis, Avrad
Added 17 Mar 2010
Updated 17 Mar 2010
Type Conference
Year 2010
Where TCC
Authors Jean-Sébastien Coron, Yevgeniy Dodis, Avradip Mandal, Yannick Seurin
Comments (0)