## Security amplification by composition: The case of
doubly-iterated, ideal ciphers

** Authors: W. Aiello, M. Bellare, G. Di Crescenzo and R.
Venkatesan **
** Abstract: ** We investigate, in the Shannon model, the security of
constructions corresponding to double and (two-key) triple DES. That
is, we consider

F_{k1}(F_{k2}(.)) and
F_{k1}(F_{k2}^{-1}(F_{k1}(.)))
with the
component
functions being ideal ciphers. This models the resistance of these
constructions to ``generic'' attacks like meet in the middle attacks.
We obtain the first proof that composition actually
increases the security in some meaningful sense. We compute a bound
on the probability of breaking the double cipher as a function of
the number of computations of the base cipher made, and the number
of examples of the composed cipher seen, and show that the success
probability is the square of that for a single key cipher. The
same bound holds for the two-key triple cipher. The first bound
is tight and shows that meet in the middle is the best possible
generic attack against the double cipher.

** Ref:** Extended abstract was in Advances in Cryptology- Crypto 98
Proceedings, Lecture Notes in Computer Science Vol. 1462, H. Krawczyk ed,
Springer-Verlag, 1998. Full paper available below.