### Abstract

We describe the first domain extender for ideal ciphers, i.e. we show a construction that is indifferentiable from a 2n-bit ideal cipher, given a n-bit ideal cipher. Our construction is based on a 3-round Feistel, and is more efficient than first building a n-bit random oracle from a n-bit ideal cipher (as in [9]) and then a 2n-bit ideal cipher from a n-bit random oracle (as in [10], using a 6-round Feistel). We also show that 2 rounds are not enough for indifferentiability by exhibiting a simple attack. We also consider our construction in the standard model: we show that 2 rounds are enough to get a 2n-bit tweakable block-cipher from a n-bit tweakable block-cipher and we show that with 3 rounds we can get beyond the birthday security bound.

Original language | English (US) |
---|---|

Title of host publication | Theory of Cryptography - 7th Theory of Cryptography Conference, TCC 2010, Proceedings |

Pages | 273-289 |

Number of pages | 17 |

Volume | 5978 LNCS |

DOIs | |

State | Published - 2010 |

Event | 7th Theory of Cryptography Conference, TCC 2010 - Zurich, Switzerland Duration: Feb 9 2010 → Feb 11 2010 |

### Publication series

Name | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
---|---|

Volume | 5978 LNCS |

ISSN (Print) | 03029743 |

ISSN (Electronic) | 16113349 |

### Other

Other | 7th Theory of Cryptography Conference, TCC 2010 |
---|---|

Country | Switzerland |

City | Zurich |

Period | 2/9/10 → 2/11/10 |

### Fingerprint

### Keywords

- Ideal cipher model
- Indifferentiability
- Tweakable block-cipher

### ASJC Scopus subject areas

- Computer Science(all)
- Theoretical Computer Science

### Cite this

*Theory of Cryptography - 7th Theory of Cryptography Conference, TCC 2010, Proceedings*(Vol. 5978 LNCS, pp. 273-289). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 5978 LNCS). https://doi.org/10.1007/978-3-642-11799-2_17

**A domain extender for the ideal cipher.** / Coron, Jean Sébastien; Dodis, Yevgeniy; Mandal, Avradip; Seurin, Yannick.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

*Theory of Cryptography - 7th Theory of Cryptography Conference, TCC 2010, Proceedings.*vol. 5978 LNCS, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 5978 LNCS, pp. 273-289, 7th Theory of Cryptography Conference, TCC 2010, Zurich, Switzerland, 2/9/10. https://doi.org/10.1007/978-3-642-11799-2_17

}

TY - GEN

T1 - A domain extender for the ideal cipher

AU - Coron, Jean Sébastien

AU - Dodis, Yevgeniy

AU - Mandal, Avradip

AU - Seurin, Yannick

PY - 2010

Y1 - 2010

N2 - We describe the first domain extender for ideal ciphers, i.e. we show a construction that is indifferentiable from a 2n-bit ideal cipher, given a n-bit ideal cipher. Our construction is based on a 3-round Feistel, and is more efficient than first building a n-bit random oracle from a n-bit ideal cipher (as in [9]) and then a 2n-bit ideal cipher from a n-bit random oracle (as in [10], using a 6-round Feistel). We also show that 2 rounds are not enough for indifferentiability by exhibiting a simple attack. We also consider our construction in the standard model: we show that 2 rounds are enough to get a 2n-bit tweakable block-cipher from a n-bit tweakable block-cipher and we show that with 3 rounds we can get beyond the birthday security bound.

AB - We describe the first domain extender for ideal ciphers, i.e. we show a construction that is indifferentiable from a 2n-bit ideal cipher, given a n-bit ideal cipher. Our construction is based on a 3-round Feistel, and is more efficient than first building a n-bit random oracle from a n-bit ideal cipher (as in [9]) and then a 2n-bit ideal cipher from a n-bit random oracle (as in [10], using a 6-round Feistel). We also show that 2 rounds are not enough for indifferentiability by exhibiting a simple attack. We also consider our construction in the standard model: we show that 2 rounds are enough to get a 2n-bit tweakable block-cipher from a n-bit tweakable block-cipher and we show that with 3 rounds we can get beyond the birthday security bound.

KW - Ideal cipher model

KW - Indifferentiability

KW - Tweakable block-cipher

UR - http://www.scopus.com/inward/record.url?scp=77949598897&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=77949598897&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-11799-2_17

DO - 10.1007/978-3-642-11799-2_17

M3 - Conference contribution

SN - 3642117988

SN - 9783642117985

VL - 5978 LNCS

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 273

EP - 289

BT - Theory of Cryptography - 7th Theory of Cryptography Conference, TCC 2010, Proceedings

ER -