The security of cascade blockcipher encryption is an important and well-studied problem in theoretical cryptography with practical implications. It is well-known that double encryption improves the security only marginally, leaving triple encryption as the shortest reasonable cascade. In a recent paper, Bellare and Rogaway showed that in the ideal cipher model, triple encryption is significantly more secure than single and double encryption, stating the security of longer cascades as an open question.

In this paper, we propose a new lemma on the indistinguishability of systems extending Maurer’s theory of random systems. In addition to being of independent interest, it allows us to compactly rephrase Bellare and Rogaway’s proof strategy in this framework, thus making the argument more abstract and hence easy to follow. As a result, this allows us to address the security of longer cascades. Our result implies that for blockciphers with smaller key space than message space (e.g. DES), longer cascades improve the security of the encryption up to a certain limit. This partially answers the open question mentioned above.


cascade encryption ideal cipher model random system indistinguishability 


  1. 1.
    Aiello, W., Bellare, M., Di Crescenzo, G., Venkatesan, R.: Security Amplification by Composition: The case of Doubly-Iterated, Ideal Ciphers. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 499–558. Springer, Heidelberg (1998)Google Scholar
  2. 2.
    ANSI X9.52, Triple Data Encryption Algorithm Modes of Operation (1998)Google Scholar
  3. 3.
    Bellare, M., Namprempre, Ch.: Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm, full version, Cryptology ePrint Archive, Report 2000/025 (2007)Google Scholar
  4. 4.
    Bellare, M., Rogaway, P.: Code-Based Game-Playing Proofs and the Security of Triple Encryption. In: Eurocrypt 2006. LNCS, vol. 4004, pp. 409–426. Springer, Heidelberg (2006), CrossRefGoogle Scholar
  5. 5.
    Bellare, M., Ristenpart, T.: Hash Functions in the Dedicated-Key Setting: Design Choices and MPP Transforms. In: Arge, L., Cachin, C., Jurdziński, T., Tarlecki, A. (eds.) ICALP 2007. LNCS, vol. 4596, pp. 399–410. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  6. 6.
    Coron, J.S., Patarin, J., Seurin, Y.: The Random Oracle Model and the Ideal Cipher Model are Equivalent. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 1–20. Springer, Heidelberg (2008)Google Scholar
  7. 7.
    Diffie, W., Hellman, M.: Exhaustive Cryptanalysis of the Data Encryption Standard. Computer 10, 74–84 (1977)CrossRefGoogle Scholar
  8. 8.
    Even, S., Goldreich, O.: On the Power of Cascade Ciphers. ACM Transactions on Computer Systems 3(2), 108–116 (1985)CrossRefGoogle Scholar
  9. 9.
    Even, S., Mansour, Y.: A Construction of a Cipher from a Pseudorandom Permutation. In: Matsumoto, T., Imai, H., Rivest, R.L. (eds.) ASIACRYPT 1991. LNCS, vol. 739, pp. 210–224. Springer, Heidelberg (1993)Google Scholar
  10. 10.
    Maurer, U.: Indistinguishability of Random Systems. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 110–132. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  11. 11.
    Maurer, U., Massey, J.: Cascade Ciphers: the Importance of Being First. J. of Cryptology 6(1), 55–61 (1993)zbMATHCrossRefGoogle Scholar
  12. 12.
    Maurer, U., Pietrzak, K., Renner, R.: Indistinguishability Amplification. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 130–149. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  13. 13.
    National Institute of Standards and Technology: FIPS PUB 46-3: Data Encryption Standard (DES) (1999)Google Scholar
  14. 14.
    National Institute of Standards and Technology: Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher, NIST Special Publication 800-67 (2004)Google Scholar
  15. 15.
    Rogaway, P., Shrimpton, T.: Deterministic Autenticated-Encryption. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 373–390. Springer, Heidelberg (2006)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Peter Gaži
    • 1
    • 2
  • Ueli Maurer
    • 1
  1. 1.Department of Computer ScienceETH ZürichSwitzerland
  2. 2.Department of Computer ScienceComenius UniversityBratislavaSlovakia

Personalised recommendations