25 research outputs found
Tight Security Bounds for Triple Encryption
In this paper, we revisit the old problem asking the exact provable security of triple encryption in the ideal cipher model. For a blockcipher with key length k and block size n, triple encryption is known to be secure up to 2^{k+min{k/2,n/2}} queries, while the best attack requires 2^{k+min{k,n/2}} query complexity. So there is a gap between the upper and lower bounds for the security of triple encryption. We close this gap by proving the security up to 2^{k+min{k,n/2}} query complexity. With the DES parameters, triple encryption is secure up to 2^{82.5} queries, greater than the current bound of 2^{78.3} and comparable to 2^{83.5} for 2-XOR-cascade.
We also analyze the security of two-key triple encryption, where the first and the third keys are identical. We prove that two-key triple encryption is secure up to 2^{k+min{k,n/2}} queries to the underlying blockcipher and 2^{min{k,n/2}} queries to the outer permutation. For the DES parameters, this result is interpreted as the security of two-key triple encryption up to 2^{32} plaintext-ciphertext pairs and 2^{81.7} blockcipher encryptions
Enhancing the Strength of Conventional Cryptosystems
is permitted for educational or research use on condition that this copyright notice is included in any copy. See back inner page for a list of recent publications in the BRICS Report Series. Copies may be obtained by contacting: BRIC
Quantifying Shannon's Work Function for Cryptanalytic Attacks
Attacks on cryptographic systems are limited by the available computational
resources. A theoretical understanding of these resource limitations is needed
to evaluate the security of cryptographic primitives and procedures. This study
uses an Attacker versus Environment game formalism based on computability logic
to quantify Shannon's work function and evaluate resource use in cryptanalysis.
A simple cost function is defined which allows to quantify a wide range of
theoretical and real computational resources. With this approach the use of
custom hardware, e.g., FPGA boards, in cryptanalysis can be analyzed. Applied
to real cryptanalytic problems, it raises, for instance, the expectation that
the computer time needed to break some simple 90 bit strong cryptographic
primitives might theoretically be less than two years.Comment: 19 page
Block Ciphers: Analysis, Design and Applications
In this thesis we study cryptanalysis, applications and design of secret key block ciphers. In particular, the important class of Feistel ciphers is studied, which has a number of rounds, where in each round one applies a cryptographically weak function
A 3-Subset Meet-in-the-Middle Attack: Cryptanalysis of the Lightweight Block Cipher KTANTAN
status: publishe
Relaxing Full-Codebook Security: A Refined Analysis of Key-Length Extension Schemes
We revisit the security (as a pseudorandom permutation) of cascading-based constructions for block-cipher key-length extension. Previous works typically considered the extreme case where the adversary is given the entire codebook of the construction, the only complexity measure being the number of queries to the underlying ideal block cipher, representing adversary\u27s secret-key-independent computation. Here, we initiate a systematic study of the more natural case of an adversary restricted to adaptively learning a number of plaintext/ciphertext pairs that is less than the entire codebook. For any such , we aim to determine the highest number of block-cipher queries the adversary can issue without being able to successfully distinguish the construction (under a secret key) from a random permutation.
More concretely, we show the following results for key-length extension schemes using a block cipher with -bit blocks and -bit keys:
- Plain cascades of length are secure whenever , q_c \ll 2^\ka and q_e \ll 2^{2\ka}. The bound for also applies to two-key triple encryption (as used within Triple DES).
- The -round XOR-cascade is secure as long as , matching an attack by Gazi (CRYPTO 2013).
- We fully characterize the security of Gazi and Tessaro\u27s two-call 2XOR construction (EUROCRYPT 2012) for all values of , and note that the addition of a third whitening step strictly increases security for . We also propose a variant of this construction without re-keying and achieving comparable security levels