A domain extender for the ideal cipher

Jean Sébastien Coron, Yevgeniy Dodis, Avradip Mandal, Yannick Seurin

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

We describe the first domain extender for ideal ciphers, i.e. we show a construction that is indifferentiable from a 2n-bit ideal cipher, given an n-bit ideal cipher. Our construction is based on a 3-round Feistel, and is more efficient than first building an n-bit random oracle from an n-bit ideal cipher (as in [9]) and then a 2n-bit ideal cipher from an n-bit random oracle (as in [10], using a 6-round Feistel). We also show that 2 rounds are not enough for indifferentiability by exhibiting a simple attack. We also consider our construction in the standard model: we show that 2 rounds are enough to get a 2n-bit tweakable block-cipher from an n-bit tweakable block-cipher and we show that with 3 rounds we can get beyond the birthday security bound.

Original language: English (US)
Title of host publication: Theory of Cryptography - 7th Theory of Cryptography Conference, TCC 2010, Proceedings
Pages: 273-289
Number of pages: 17
Volume: 5978 LNCS
DOIs: https://doi.org/10.1007/978-3-642-11799-2_17
State: Published - 2010
Event: 7th Theory of Cryptography Conference, TCC 2010 - Zurich, Switzerland
Duration: Feb 9 2010 to Feb 11 2010

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 5978 LNCS
ISSN (Print): 03029743
ISSN (Electronic): 16113349

Other

Other: 7th Theory of Cryptography Conference, TCC 2010
Country: Switzerland
City: Zurich
Period: 2/9/10 to 2/11/10

Fingerprint

Random Oracle
Block Cipher
Standard Model
Attack

Keywords

  • Ideal cipher model
  • Indifferentiability
  • Tweakable block-cipher

ASJC Scopus subject areas

  • Computer Science (all)
  • Theoretical Computer Science

Cite this

Coron, J. S., Dodis, Y., Mandal, A., & Seurin, Y. (2010). A domain extender for the ideal cipher. In Theory of Cryptography - 7th Theory of Cryptography Conference, TCC 2010, Proceedings (Vol. 5978 LNCS, pp. 273-289). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 5978 LNCS). https://doi.org/10.1007/978-3-642-11799-2_17

@inproceedings{e88cb2ea8dad443cadd104a658d02532,
title = "A domain extender for the ideal cipher",
abstract = "We describe the first domain extender for ideal ciphers, i.e. we show a construction that is indifferentiable from a 2n-bit ideal cipher, given a n-bit ideal cipher. Our construction is based on a 3-round Feistel, and is more efficient than first building a n-bit random oracle from a n-bit ideal cipher (as in [9]) and then a 2n-bit ideal cipher from a n-bit random oracle (as in [10], using a 6-round Feistel). We also show that 2 rounds are not enough for indifferentiability by exhibiting a simple attack. We also consider our construction in the standard model: we show that 2 rounds are enough to get a 2n-bit tweakable block-cipher from a n-bit tweakable block-cipher and we show that with 3 rounds we can get beyond the birthday security bound.",
keywords = "Ideal cipher model, Indifferentiability, Tweakable block-cipher",
author = "Coron, {Jean S{\'e}bastien} and Yevgeniy Dodis and Avradip Mandal and Yannick Seurin",
year = "2010",
doi = "10.1007/978-3-642-11799-2_17",
language = "English (US)",
isbn = "3642117988",
volume = "5978 LNCS",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
pages = "273--289",
booktitle = "Theory of Cryptography - 7th Theory of Cryptography Conference, TCC 2010, Proceedings",

}

TY - GEN

T1 - A domain extender for the ideal cipher

AU - Coron, Jean Sébastien

AU - Dodis, Yevgeniy

AU - Mandal, Avradip

AU - Seurin, Yannick

PY - 2010

Y1 - 2010

N2 - We describe the first domain extender for ideal ciphers, i.e. we show a construction that is indifferentiable from a 2n-bit ideal cipher, given a n-bit ideal cipher. Our construction is based on a 3-round Feistel, and is more efficient than first building a n-bit random oracle from a n-bit ideal cipher (as in [9]) and then a 2n-bit ideal cipher from a n-bit random oracle (as in [10], using a 6-round Feistel). We also show that 2 rounds are not enough for indifferentiability by exhibiting a simple attack. We also consider our construction in the standard model: we show that 2 rounds are enough to get a 2n-bit tweakable block-cipher from a n-bit tweakable block-cipher and we show that with 3 rounds we can get beyond the birthday security bound.

KW - Ideal cipher model

KW - Indifferentiability

KW - Tweakable block-cipher

UR - http://www.scopus.com/inward/record.url?scp=77949598897&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=77949598897&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-11799-2_17

DO - 10.1007/978-3-642-11799-2_17

M3 - Conference contribution

SN - 3642117988

SN - 9783642117985

VL - 5978 LNCS

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 273

EP - 289

BT - Theory of Cryptography - 7th Theory of Cryptography Conference, TCC 2010, Proceedings

ER -