Indexed on: 11 Sep '13Published on: 11 Sep '13Published in: Computer Science - Cryptography and Security
We formally study iterated block ciphers that alternate between two sequences of independent and identically distributed (i.i.d.) rounds. It is demonstrated that, in some cases the effect of alternating increases security, while in other cases the effect may strictly decrease security relative to the corresponding product of one of its component sequences. As this would appear to contradict conventional wisdom based on the ideal cipher approximation, we introduce new machinery for provable security comparisons. The comparisons made here simultaneously establish a coherent ordering of security metrics ranging from key-recovery cost to computational indistinguishability.