[an error occurred while processing this directive] Elastic Block Ciphers

Thesis Abstract: Elastic Block Ciphers

Standard block ciphers are designed around one or a small number of block sizes. From both a practical and a theoretical perspective, the question of how to efficiently support a range of block sizes is of interest. In applications, the length of the data to be encrypted is often not a multiple of the supported block size. This results in the use of plaintext-padding schemes that impose computational and space overheads. Furthermore, a variable-length block cipher ideally provides a variable-length pseudorandom permutation and strong pseudorandom permutation, which are theoretical counterparts of practical block ciphers and correspond to ideal properties for a block cipher.

The focus of my research is the design and analysis of a method for creating variable-length block ciphers from existing fixed-length block ciphers. As the heart of the method, I introduce the concept of an elastic block cipher, which refers to stretching the supported block size of a block cipher to any length up to twice the original block size while incurring a computational workload that is proportional to the block size. I create a structure, referred to as the elastic network, that uses the round function from any existing block cipher in a manner that allows the properties of the round function to be maintained and results in the security of the elastic version of a block cipher being directly related to that of the original version. By forming a reduction between the elastic and original versions, I prove that the elastic version of a cipher is secure against round-key recovery attacks if the original cipher is secure against such attacks. I illustrate the method by creating elastic versions of four existing block ciphers. In addition, the elastic network provides a new primitive structure for use in symmetric-key cipher design. It allows for the creation of variable-length pseudorandom permutations and strong pseudorandom permutations (a PRP and SPRP for each length) in the range of b to 2b bits from round functions that are independently chosen pseudorandom permutations on b bits.