Security Amplification by Composition: The Case of Doubly-Iterated, Ideal Ciphers
Abstract
We investigate, in the Shannon model, the security of constructions corresponding to double and two-key triple DES. That is, we consider $F_{k_1} \circ F_{k_2}$ and $F_{k_1} \circ F_{k_2}^{-1} \circ F_{k_1}$ with the component functions being ideal ciphers. This models the resistance of these constructions to "generic" attacks like meet in the middle attacks. We obtain the first proof that composition actually increases the security in some meaningful sense. We compute a bound on the probability of breaking the double cipher as a function of the number of computations of the base cipher made, and the number of examples of the composed cipher seen, and show that the success probability is the square of that for a single key cipher. The same bound holds for the two-key triple cipher. The first bound is tight and shows that meet in the middle is the best possible generic attack against the double cipher.
Similar resources
Security Amplification by Composition: The Case of Doubly-Iterated, Ideal Ciphers
We investigate, in the Shannon model, the security of constructions corresponding to double and (two-key) triple DES. That is, we consider $F_{k_1}(F_{k_2}(\cdot))$ and $F_{k_1}(F_{k_2}^{-1}(F_{k_1}(\cdot)))$ with the component functions being ideal ciphers. This models the resistance of these constructions to “generic” attacks like meet in the middle attacks. We obtain the first proof that composition actually increases th...
Alternating Product Ciphers: A Case for Provable Security Comparisons - (Extended Abstract)
We formally study iterated block ciphers that alternate between two sequences of independent and identically distributed (i.i.d.) rounds. It is demonstrated that, in some cases the effect of alternating increases security, while in other cases the effect may strictly decrease security relative to the corresponding product of one of its component sequences. As this would appear to contradict con...
Alternating Product Ciphers: A Case for Provable Security Comparisons
We formally study iterated block ciphers that alternate between two sequences of independent and identically distributed (i.i.d.) rounds. It is demonstrated that, in some cases the effect of alternating increases security, while in other cases the effect may strictly decrease security relative to the corresponding product of one of its component sequences. As this would appear to contradict con...
Security of Even-Mansour Ciphers under Key-Dependent Messages
The iterated Even–Mansour (EM) ciphers form the basis of many blockcipher designs. Several results have established their security in the CPA/CCA models, under related-key attacks, and in the indifferentiability framework. In this work, we study the Even–Mansour ciphers under key-dependent message (KDM) attacks. KDM security is particularly relevant for blockciphers since non-expanding mechanis...
Generalised Round Functions for Block Ciphers and their Security
Round functions used as building blocks for iterated block ciphers, both in the case of Substitution-Permutation Networks and Feistel Networks, are often obtained as the composition of different layers which provide confusion and diffusion, and key additions. The bijectivity of any encryption function, crucial in order to make the decryption possible, is guaranteed by the use of invertible laye...