Abstract
We consider the question of efficiently extending the key length of block ciphers. To date, the approach providing highest security is triple encryption (used e.g. in Triple-DES), which was proved to have roughly κ + min {n/2, κ/2} bits of security when instantiated with ideal block ciphers with key length κ and block length n, at the cost of three block-cipher calls per message block. This paper presents a new practical key-length extension scheme exhibiting κ + n/2 bits of security – hence improving upon the security of triple encryption – solely at the cost of two block cipher calls and a key of length κ + n. We also provide matching generic attacks showing the optimality of the security level achieved by our approach with respect to a general class of two-query constructions.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
