Key-Length Extension for Block Ciphers: Plain and Randomized Cascades
Peter Gazi, IST Austria

In this overview talk I will present existing approaches to the problem of efficiently extending the key length of a block cipher. The most widely known (and used) approach is cascading (as in Triple-DES), where the block cipher is applied multiple times using independent keys. An alternative approach called randomized cascading has recently received considerable attention due to its better security/efficiency trade-off. I will summarize existing results characterizing the security achieved by both these classes of constructions in the ideal cipher model, and also describe generic attacks upper-bounding the achievable security levels of any potential candidate for a key-length extension.