A domain extender for the ideal cipher

Jean Sébastien Coron, Yevgeniy Dodis, Avradip Mandal, Yannick Seurin

Research output: Chapter in Book/Report/Conference proceedingConference contribution


We describe the first domain extender for ideal ciphers, i.e. we show a construction that is indifferentiable from a 2n-bit ideal cipher, given a n-bit ideal cipher. Our construction is based on a 3-round Feistel, and is more efficient than first building a n-bit random oracle from a n-bit ideal cipher (as in [9]) and then a 2n-bit ideal cipher from a n-bit random oracle (as in [10], using a 6-round Feistel). We also show that 2 rounds are not enough for indifferentiability by exhibiting a simple attack. We also consider our construction in the standard model: we show that 2 rounds are enough to get a 2n-bit tweakable block-cipher from a n-bit tweakable block-cipher and we show that with 3 rounds we can get beyond the birthday security bound.

Original languageEnglish (US)
Title of host publicationTheory of Cryptography - 7th Theory of Cryptography Conference, TCC 2010, Proceedings
Number of pages17
StatePublished - 2010
Event7th Theory of Cryptography Conference, TCC 2010 - Zurich, Switzerland
Duration: Feb 9 2010Feb 11 2010

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume5978 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Other7th Theory of Cryptography Conference, TCC 2010


  • Ideal cipher model
  • Indifferentiability
  • Tweakable block-cipher

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science


Dive into the research topics of 'A domain extender for the ideal cipher'. Together they form a unique fingerprint.

Cite this