Alternating Product Ciphers: A Case for Provable Security Comparisons (extended abstract)
This work addresses a foundational issue in cryptography for researchers and practitioners by providing a formal framework to compare security metrics, though it appears incremental in refining existing theoretical approaches.
The paper tackles the problem of analyzing the security of iterated block ciphers that alternate between two sequences of i.i.d. rounds, showing that alternating can either increase or decrease security compared to a single sequence, and introduces new machinery for provable security comparisons.
We formally study iterated block ciphers that alternate between two sequences of independent and identically distributed (i.i.d.) rounds. It is demonstrated that, in some cases the effect of alternating increases security, while in other cases the effect may strictly decrease security relative to the corresponding product of one of its component sequences. As this would appear to contradict conventional wisdom based on the ideal cipher approximation, we introduce new machinery for provable security comparisons. The comparisons made here simultaneously establish a coherent ordering of security metrics ranging from key-recovery cost to computational indistinguishability.