On the Construction of Variable-Input-Length Ciphers

Authors: M. Bellare and P. Rogaway

Abstract: Whereas a block cipher enciphers messages of some one particular length (the blocklength), a {variable-input-length cipher} takes messages of varying (and preferably arbitrary) lengths. Still, the length of the ciphertext must equal the length of the plaintext. This paper introduces the problem of constructing such objects, and provides a practical solution. Our VIL mode of operation makes a variable-input-length cipher from any block cipher. The method is demonstrably secure in the provable-security sense of modern cryptography: we give a quantitative security analysis relating the difficulty of breaking the constructed (variable-input-length) cipher to the difficulty of breaking the underlying block cipher.

Ref: In Proceedings of 6th Workshop on Fast Software Encryption, Lecture Notes in Computer Science Vol. 1636, Ed. L. Knudsen, Springer-Verlag, 1999. Paper available below.

Paper: Available as compressed postscript, postscript, or pdf. ( Help if this doesn't work).