{"day":"12","ec_funded":1,"year":"2015","publisher":"Springer","date_published":"2015-08-12T00:00:00Z","title":"Relaxing full-codebook security: A refined analysis of key-length extension schemes","scopus_import":1,"quality_controlled":"1","series_title":"Lecture Notes in Computer Science","main_file_link":[{"open_access":"1","url":"http://eprint.iacr.org/2015/397"}],"oa_version":"Submitted Version","publist_id":"5481","language":[{"iso":"eng"}],"intvolume":" 9054","page":"319 - 341","project":[{"name":"Provable Security for Physical Cryptography","call_identifier":"FP7","grant_number":"259668","_id":"258C570E-B435-11E9-9278-68D0E5697425"}],"status":"public","oa":1,"user_id":"2DF688A6-F248-11E8-B48F-1D18A9856A87","department":[{"_id":"KrPi"}],"date_created":"2018-12-11T11:53:22Z","month":"08","citation":{"ieee":"P. Gazi, J. Lee, Y. Seurin, J. Steinberger, and S. Tessaro, “Relaxing full-codebook security: A refined analysis of key-length extension schemes,” vol. 9054. Springer, pp. 319–341, 2015.","short":"P. Gazi, J. Lee, Y. Seurin, J. Steinberger, S. Tessaro, 9054 (2015) 319–341.","ama":"Gazi P, Lee J, Seurin Y, Steinberger J, Tessaro S. Relaxing full-codebook security: A refined analysis of key-length extension schemes. 2015;9054:319-341. doi:10.1007/978-3-662-48116-5_16","mla":"Gazi, Peter, et al. Relaxing Full-Codebook Security: A Refined Analysis of Key-Length Extension Schemes. Vol. 9054, Springer, 2015, pp. 319–41, doi:10.1007/978-3-662-48116-5_16.","apa":"Gazi, P., Lee, J., Seurin, Y., Steinberger, J., & Tessaro, S. (2015). Relaxing full-codebook security: A refined analysis of key-length extension schemes. Presented at the FSE: Fast Software Encryption, Istanbul, Turkey: Springer. https://doi.org/10.1007/978-3-662-48116-5_16","ista":"Gazi P, Lee J, Seurin Y, Steinberger J, Tessaro S. 2015. Relaxing full-codebook security: A refined analysis of key-length extension schemes. 9054, 319–341.","chicago":"Gazi, Peter, Jooyoung Lee, Yannick Seurin, John Steinberger, and Stefano Tessaro. “Relaxing Full-Codebook Security: A Refined Analysis of Key-Length Extension Schemes.” Lecture Notes in Computer Science. Springer, 2015. https://doi.org/10.1007/978-3-662-48116-5_16."},"alternative_title":["LNCS"],"conference":{"location":"Istanbul, Turkey","name":"FSE: Fast Software Encryption","end_date":"2015-03-11","start_date":"2015-03-08"},"author":[{"first_name":"Peter","full_name":"Gazi, Peter","last_name":"Gazi","id":"3E0BFE38-F248-11E8-B48F-1D18A9856A87"},{"full_name":"Lee, Jooyoung","first_name":"Jooyoung","last_name":"Lee"},{"first_name":"Yannick","full_name":"Seurin, Yannick","last_name":"Seurin"},{"first_name":"John","full_name":"Steinberger, John","last_name":"Steinberger"},{"last_name":"Tessaro","full_name":"Tessaro, Stefano","first_name":"Stefano"}],"doi":"10.1007/978-3-662-48116-5_16","_id":"1668","abstract":[{"lang":"eng","text":"We revisit the security (as a pseudorandom permutation) of cascading-based constructions for block-cipher key-length extension. Previous works typically considered the extreme case where the adversary is given the entire codebook of the construction, the only complexity measure being the number qe of queries to the underlying ideal block cipher, representing adversary’s secret-key-independent computation. Here, we initiate a systematic study of the more natural case of an adversary restricted to adaptively learning a number qc of plaintext/ciphertext pairs that is less than the entire codebook. For any such qc, we aim to determine the highest number of block-cipher queries qe the adversary can issue without being able to successfully distinguish the construction (under a secret key) from a random permutation.\r\nMore concretely, we show the following results for key-length extension schemes using a block cipher with n-bit blocks and κ-bit keys:\r\nPlain cascades of length ℓ=2r+1 are secure whenever qcqre≪2r(κ+n), qc≪2κ and qe≪22κ. The bound for r=1 also applies to two-key triple encryption (as used within Triple DES).\r\nThe r-round XOR-cascade is secure as long as qcqre≪2r(κ+n), matching an attack by Gaži (CRYPTO 2013).\r\nWe fully characterize the security of Gaži and Tessaro’s two-call "}],"publication_status":"published","type":"conference","volume":9054,"date_updated":"2020-08-11T10:09:26Z"}